htaccess Tutorial

Untitled Document

In this tutorial you will find out about the .htaccess file and the power it has to improve your website. Although .htaccess is only a file, it can change settings on the servers and allow you to do many different things, the most popular being able to have your own custom 404 error pages. .htaccess isn't difficult to use and is really just made up of a few simple instructions in a text file.

NOTE: You can use any text editor to create or make changes to .htaccess files. Keep in mind that commands in these files should be placed on one line only, so if your text editor uses word-wrap, make sure it's disabled. Be sure .htaccess file is uploaded in ASCII mode, not BINARY, or it won't work.

Your text editor or operating system may probably not allow to save file as .htaccess. The solution is to save the file as htaccess.txt and upload it to your server. After doing that, you should use your FTP client and rename the file to its proper name.( To Enable mod_rewrite [goto : tutorial])

What can you do with it: 

There is a huge range of things .htaccess can do including: password protecting folders, redirecting users automatically, custom error pages, changing your file extensions, banning users with certian IP addresses, only allowing users with certain IP addresses, stopping directory listings and using a different file as the index file.
  • Error Documents
  • Password protection
  • Enabling SSI via htaccess
  • Blocking users by IP
  • Blocking users/ sites by referrer
  • Blocking bad bots and site rippers (aka offline browsers)
  • Change your default directory page
  • Redirects
  • Prevent viewing of htaccess
  • Adding MIME types
  • Preventing hot linking of your images and other file types
  • Preventing directory listing

There are two main reasons to avoid the use of .htaccess files.

The first of these is performance. When AllowOverride is set to allow the use of .htaccess files, Apache will look in every directory for .htaccess files. Thus, permitting .htaccess files causes a performance hit, whether or not you actually even use them! Also, the .htaccess file is loaded every time a document is requested.

Custom error pages 

The most common errors are 404 (Not Found) and 500 (Internal Server Error). Design your custom Web pages for these errors (you aren't limited to these errors, you can create an error page for each and every error). Add the following commands to your .htaccess file...

ErrorDocument 404 /404.html
ErrorDocument 500 /500.html

Other example(s) :

100% Prevent Files from being cached

This is similar to how google ads employ the header Cache-Control: private, x-gzip-ok="" to prevent caching of ads by proxies and clients.

<FilesMatch "\.(html|htm|js|css)$">
FileETag None
<IfModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"

Deny everyone access, then allow certain hosts/IP addresses

AuthName "Chi's Secret Area"
AuthType Basic
<Limit GET POST>
order deny,allow
deny from all
allow from
allow from
allow from
allow from

Allow everyone except for certain hosts/IP addresses

AuthName "Chi's Secret Area"
AuthType Basic
<Limit GET POST>
order allow,deny
allow from all
deny from
deny from
deny from
deny from

Redirect from old domain to new domain

You can use the code below if you have changed domain and want users on your old domain to be redirected to your new domain.

RewriteEngine on
RewriteRule ^(.*)$$1 [R=301,L]

If a user visits he will be redirected to the same page on The R=301 part make it a permanent redirect by sending a “301 Moved Permanently” status code to the user’s browser.

Redirect to www

So you only want users to visit and not Htaccess redirects can solve this too. Copy the code below into a .htaccess for redirecting all visits to your www domain.

RewriteEngine on
RewriteCond %{HTTP_HOST} ^ [NC]
RewriteRule ^(.*)$$1 [R=301,L]

Block script execution.

You can stop scripts in certain languages from running with this:

Options -ExecCGI
AddHandler cgi-script .pl .py .php .jsp. htm .shtml .sh .asp .cgi

Force a file to download with a “Save As” prompt.

If you want to force someone to download a file instead of opening it in their browser, use this code:

AddType application/octet-stream .doc .mov .avi .pdf .xls .mp4

Protect your site from hotlinking.

The last thing you want is for those stealing your content to also be able to embed the images hosted on your server in their posts. It takes up your bandwidth and can quickly get expensive. Here’s a way to block hotlinking within htaccess:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://([ -a-z0-9] \.)?domain\.com [NC]
RewriteRule \.(gif|jpe?g|png)$ - [F,NC,L]
(Of course you’ll want to replace the domain\.com with your own domain name.)

Set Timezone of the Server (GMT)

SetEnv TZ America/Indianapolis

Digg Google Bookmarks reddit Mixx StumbleUpon Technorati Yahoo! Buzz DesignFloat Delicious BlinkList Furl

0 comments: on "htaccess Tutorial"

:) ) ;) ) ;;) :D ;) :p :( ( :) :( :X =(( :-o :-/ :-* :| 8-} :) ] ~x( :-t b-( :-L x( =))
Post a Comment