.htaccess Tutorial

November 6, 2007

Creating a .htaccess file

Creating a .htaccess file can cause some problems. Writing the commands is simple; you can do it in a text editor such as Notepad. The problems appear when you save the file, because .htaccess is a special file name: it has no name, only an 8-letter extension, and some operating systems don't accept it. With most operating systems you have to save the file with the name between quotation marks: ".htaccess". If this doesn't work, save the file under another name, for example htaccess.txt, and upload it to the server. After the upload, the file can be renamed to its initial form using an FTP program.

Personalized error pages

Using the .htaccess file you can have your own error pages, designed to match the other pages saved on the server. This gives your site a more professional look when errors occur. To use personalized error pages, add the following command to the .htaccess file: ErrorDocument ErrorNumber /file.html

For example, if you have a 404.html file stored in the root and want to use it for 404 errors, use the command: ErrorDocument 404 /404.html

If the file is stored in another folder you have to specify the path to the file: ErrorDocument 500 /path/500.html

Below are a few common errors:

401 - Authorization Required
400 - Bad request
403 - Forbidden
500 - Internal Server Error
404 - Wrong page

All you have to do is create the file you want to display in case of an error, upload it to the server, and add the corresponding command to the .htaccess file.

Deny access to a directory without index

Some directories may not have an index file. If a visitor accesses such a directory, the server shows a list of all the files stored in it. This is a problem when the directory holds files that you don't want to be accessed from the outside.

To avoid this, add the following command to the .htaccess file; you don't need to create empty index files in every directory.

Options -Indexes

Ban/Allow for IPs

In some situations you may want to allow only certain IPs to access a site (for example, only subscribers of one Internet provider), or you may want to ban some IPs to avoid spam. This assumes you know the IP addresses; some users have dynamic IPs, so this method is not always a good one.

Deny for an IP address: deny from 000.000.000.000

where 000.000.000.000 is the IP we want to ban

Allow for an IP address: allow from 000.000.000.000

where 000.000.000.000 is the IP that is allowed to visit the page

If you don’t want anybody to see your page use the command: deny from all

Redirecting

One of the most used functions of the .htaccess file is redirecting requests for a file to another file stored on the same server or to another website. When you rename a file, this is a useful way to help visitors find it. You can do it this way:

Redirect /location/from/root/file.ext http://www.anothersite.com/new/location/file.ext

For a better understanding you can also read the other .htaccess redirecting articles on our website!

Password protecting a directory

.htaccess file

The process for adding a password to a directory includes two stages:

Add the following commands to the .htaccess file (subdirectories will be protected as well):

AuthName "Name"
AuthType Basic
AuthUserFile /home/www/.htpasswd
Require valid-user

Name can be replaced with the name of the protected directory or any other meaningful description of your protected area; it appears as the title of the login dialog box.

/home/www/.htpasswd must be changed to the complete path to the .htpasswd file.

.htpasswd file

To protect your files you have to create a file that contains a list of user names and passwords. This list goes in a file named .htpasswd, which is named the same way as the .htaccess file: no name, only an 8-letter extension.

After creating the .htpasswd file with a text editor, add the list of users in this form:

user:password

where password is the encrypted form of a normal password. To encrypt a password you need a specialized program. You can find scripts that add users and passwords to the .htpasswd file, or you can use the command line (shell) to generate it. It should be something like this:

htpasswd -c filename username

This creates the file named "filename" and adds a record for user "username".
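One way to check the result of the two stages above, added here as an example (not code from the original tutorial): the script flags missing auth directives, typographic quotes, an AuthUserFile that is not a complete path or that sits inside the document root, and .htpasswd entries whose password field is not a bcrypt or apr1 hash. The document root argument, the function names and the sample file contents are assumptions.

```python
import re
import shlex
from pathlib import PurePosixPath

# Shapes of the hashes Apache's htpasswd writes; anything else is treated as plaintext.
# Caveat: a 13-character alphanumeric plaintext also matches des-crypt (still "weak").
HASH_SCHEMES = [
    (re.compile(r"^\$2[aby]\$\d\d\$.{53}$"), "bcrypt", "ok"),
    (re.compile(r"^\$apr1\$[^$]{1,8}\$[./0-9A-Za-z]{22}$"), "apr1-md5", "ok"),
    (re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$"), "sha1-unsalted", "weak"),
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "des-crypt", "weak"),
]

def classify_entry(line):
    """Return (user, scheme, verdict) for one user:password line of .htpasswd."""
    user, _, secret = line.strip().partition(":")
    for pattern, scheme, verdict in HASH_SCHEMES:
        if pattern.match(secret):
            return user, scheme, verdict
    return user, "plaintext-or-unknown", "weak"

def audit_htaccess(text, docroot):
    """Return findings for the Basic-auth directives in an .htaccess file."""
    directives, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "\u201c" in line or "\u201d" in line:
            # Apache only treats ASCII quotes as quoting characters.
            findings.append("typographic quotes in: " + line)
        parts = shlex.split(line)
        directives[parts[0].lower()] = parts[1:]
    for name in ("authtype", "authname", "authuserfile", "require"):
        if name not in directives:
            findings.append("missing " + name)
    userfile = PurePosixPath((directives.get("authuserfile") or ["/"])[0])
    if not userfile.is_absolute():
        findings.append("AuthUserFile is not a complete path")
    elif PurePosixPath(docroot) in userfile.parents:
        findings.append("AuthUserFile is inside the document root")
    return findings

# Constructed sample input; the hash bodies are filler of the right length, not real hashes.
SAMPLE_HTACCESS = 'AuthName "Members"\nAuthType Basic\nAuthUserFile /home/www/.htpasswd\nRequire valid-user\n'
SAMPLE_HTPASSWD = ["alice:$2y$05$" + "a" * 53, "bob:{SHA}" + "A" * 27 + "=", "carol:hunter2"]

if __name__ == "__main__":
    print(audit_htaccess(SAMPLE_HTACCESS, "/home/www"))
    for entry in SAMPLE_HTPASSWD:
        print(classify_entry(entry))
```

A password file inside the document root can be requested like any other file unless the server is configured to refuse it, which is why the audit takes the document root as an argument.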

Accessing the website via URL after htaccess password protecting

When you access a website that is protected with .htaccess, the browser displays a standard pop-up asking for identification.

Another way to access a protected file is to format the address this way, which most likely won't work in IE:

http://user:password@www.site.com/director/

The .htaccess file is one of the most important tools that a webmaster can use. Using this tutorial you can increase the security level of your website. If you found this useful or have something to add you can comment on our forums.

 
