How to secure your site using .htaccess

Write your "How To" regarding anything you are comfortable with and you feel it will help the forum members.

NOTE :: All threads started here will appear only after the approval from Administrator
Post Reply
OnscrenSpider
Posts: 36
Joined: Mon Jul 04, 2005 8:37 pm

How to secure your site using .htaccess

Post by OnscrenSpider »

wassup i want to write some lines about this file included as default in the cpanel accounts.
first you have to know is that the .htaccess file is a config file for your site and can transform it more secure.

Error ****:
in order to specify your own customized error ****, you simply need to add the following command on one line within your .htaccess file:

**** code /directory/filename.ext
or
**** 404 /errors/notfound.html
this would cause any error code resulting in 404 to be forward to yoursite.smokyhosts.com/errors/notfound.html

you can also specify HTML believe it or not!
**** 401 "<body bgcolor=#fff0ff><h1>You have to be a <a href="#">member</a> to see this page buddy!

note that the **** starts with a " just before the HTML starts but does not end with one...

Default Page:
you have to place this in your .htaccess file

DirectoryIndex filename.html index.cgi index.pl default.htm

placing the above command will cause that when a user types in yoursite.smokyhosts.com your site will look for filename.html in your root directory (or any directory if you specify this in the global htaccess) and if it finds it, it will load that page as the default page, if it does not find filename.html it will then look for index.cgi, if it finds that one it will load it, if not, it will look for index.pl and the whole process repeats until it finds a file it can use...

Prevent Directory Listing:
this will make that dont appear all the files on a directory like default (Index of...)

IndexIgnore *

the * is a wildcard that matches all files, nothing in that directory will be allowed to be listed but what if you like to list just some files (who?)

IndexIgnore *.gif *.jpg

that will show for example your .html files but not your images

Deny IP:
you can deny access based upon IP address or an IP block

order allow,deny
deny from 186.245.146.78
deny from 186.234.25.
allow from all

the above blocks access to the site from 186.245.146.78, and from any sub domain under the IP block 186.234.25. (186.234.25.1, 186.234.25.2, 186.234.25.3...)
also u can use that for a site scraping your content like hotlink but for the entire web

and the last thing

Prevent viewing of .htaccess file:
what if someone want to see your personal settings? it's possible to prevent the .htaccess file from being viewed in this manner

<Files .htaccess>
order allow,deny
deny from all
</Files>

or just chmod to 644 :p
-greetz-


Top
SHAdmin
Posts: 2095
Joined: Sat Dec 18, 2004 11:28 am
Contact:
Contact SHAdmin

Post by SHAdmin »

Hi,
Your 'How To' has been approved and you have been credited 20 points for sharing it.
Top
Post Reply

Return to “How To”