Welcome!

Internet Marketing - Planning & Management | Conversion Analyst

Mohsin Khawaja

Subscribe to Mohsin Khawaja: eMailAlertsEmail Alerts
Get Mohsin Khawaja via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Sun Developer Journal, Java Developer Magazine

Blog Feed Post

.htacess file tutorial – useful tips

For those who are unfamiliar with .htaccess file, here is  the basic info:

 .htaccess (hypertext access) is the default name of a directory-level configuration file that allows for decentralized management of web server configuration. The .htaccess file is placed inside the web tree, and is able to override a subset of the server's global configuration; the extent of this subset is defined by the web server administrator.[1] The original purpose of .htaccess was to allow per-directory access control (e.g. requiring a password to access the content), hence the name. Nowadays .htaccess can override many other configuration settings, mostly related to content control, e.g. content type and character set, CGI handlers, etc.

Following are some basic tips and uses of .htaccess file, I think every webmaster should at least have an idea of the power and usefulness of .htaccess file.

1. Create a custom error page.

.htaccess makes it easy to create your own custom error pages. Just create your custom error page files and then add this code to your .htaccess file:

ErrorDocument 401 /401.php 
ErrorDocument 403 /403.php 
ErrorDocument 404 /404.php 
ErrorDocument 500 /500.php 

(you should replace the “/500.php” or whatever with your own file path and name.)

 

2. Prevent directory browsing.

If you don’t include an index file in a directory, visitors can browse the directory itself. But preventing that is as easy as adding a single line to your .htaccess file:


Options All –Indexes

 
3.Block access to your .htaccess file

By adding he following code to your htaccess file will prevent attempts to access your htaccess file. This extra layer of security protects your htaccess file by displaying a 403 error message on the browser.


# secure htaccess file
<Files .htaccess>
 order allow,deny
 deny from all
</Files>

 
4. Set the default page of each directory.

If you don’t want to use an index page in each directory, you can set the default page visited when someone reaches (like an about page or a page offering the newest content) that directory by adding this:

DirectoryIndex news.html 


(And of course you’d replace the “news.html” bit with whatever you want to use as the default.)

 
5.Redirect everyone to different site except few IP

If you want to redirect all the visitors to a different IP. Also give access to certain  few IPs. You can use the code below:

ErrorDocument 403 http://www.youdomain.com
Order deny,allow
Deny from all
Allow from 124.34.48.165
Allow from 102.54.68.123

 
6.Redirect Visitors While You Update Your Site

Update and test your site while visitors are redirected to the page of your choice:

order deny,allow
deny from all
allow from 123.123.123.123

ErrorDocument 403 /page.html

<Files page.html>
allow from all
</Files>


Replace 123.123.123.123 with your IP address. Also replace page.html with the name of the page you want visitors to see.

 
7.Disguise your file types.

You can disguise all of your file types by making them appear as PHP files. Just insert this snippet in:

ForceType application/x-httpd-php 

 
8.Protect your site from hotlinking.

The last thing you want is for those stealing your content to also be able to embed the images hosted on your server in their posts. It takes up your bandwidth and can quickly get expensive. Here’s a way to block hotlinking within htaccess:

view plaincopy to clipboardprint?
RewriteEngine On 
RewriteCond %{HTTP_REFERER} !^$ 
RewriteCond %{HTTP_REFERER} !^
http://([ -a-z0-9]  \.)?domain\.com [NC] 
RewriteRule \.(gif|jpe?g|png)$ - [F,NC,L] 


(Of course you’ll want to replace the domain\.com with your own domain name.)

 
9.Restrict file upload limits for PHP:

You can restrict the maximum file size for uploading in PHP, as well as the maximum execution time. Just add this:


php_value upload_max_filesize 10M 
php_value post_max_size 10M 
php_value max_execution_time 200 
php_value max_input_time 200 

Line one specifies the maximum file size for uploading; line two is the maximum size for post data; line three is the maximum time in seconds a script can run before it’s terminated; and line four is the maximum amount of time in seconds a script is allowed to parse input data.

 
10.Force a file to download with a “Save As” prompt.

If you want to force someone to download a file instead of opening it in their browser, use this code:

AddType application/octet-stream .doc .mov .avi .pdf .xls .mp4

 
11.Redirect to a secure https connection

If you want to redirect your entire site to a secure https connection, use the following:


view plaincopy to clipboardprint?
RewriteEngine On 
RewriteCond %{HTTPS} !on 
RewriteRule (.*)
https://%{HTTP_HOST}%{REQUEST_URI}

 
12.Block script execution.

You can stop scripts in certain languages from running with this:

Options –ExecCGI 
AddHandler cgi-script .pl .py .php .jsp. htm .shtml .sh .asp .cgi

Just replace the types of scripts you want to block.

 
13.Set up a 301 redirect.

If you move around the structure of your site and need to redirect some old URLs to their new locations, the following bit of code will do so for you:

view plaincopy to clipboardprint?
Redirect 301 /original/filename.html
http://domain.com/updated/filename.html

 

 Important Note:

 

1-Be careful of spelling- .htaccess is not forgiving of spelling errors.
2-htaccess is case sensitive. If something is shown in the examples with a capital letter, make sure it’s capitalized in your htaccess file.

 

For readers interested in advance knowledge, I will recommend the following guides:

 

While preparing this article, I have taken benefit from many good tutorials on the web,like:


Read the original blog entry...

More Stories By Mohsin Khawaja

Mohsin Khawaja is a Internet Marketing Manager at Intellectual Works.He occasionally writes on various IT topics along with various SEO, SEM and Internet Marketing articles.
http://www.linkedin.com/in/khmohsin