htAccess
<--------------------|-------------------->
Overview
Using a custom .htaccess file has many advantages, which I will explain in this
tutorial. Such advantages include having customg error pages, changing the default
web page for a directory, denying user access, enabling SSI in .htm and .shtml
files, password protecting a directory, and protecting files from being leeched.
Requirements
In order to use a .htaccess file on your site, the web server you are on must
be running off of Apache. Also, some servers may restict you from using .htaccess
files. You may want to contact your system administrator for information on
this. Some of these directives may not work for you for a number of reasons.
Also, if you are running on a windows operating system, it may stop you from
creating a file called .htaccess. If this happens, I suggest you upload a file
with all the .htaccess directives you want, then rename it to .htaccess.
Password
Protection
By simply adding a few lines of coding to your .htaccess file, you can securly
password protect a directory. This is probably one of the most secure methods
of doing this. There is only one thing about the server you need to figure out
to password protect a directory with a .htaccess file, and that is the system
path to your site. If you do not know this, I suggest you contact your system
adminstrator to find out. Now, the first step to password protecting a directory
on your site is to add the following lines to your .htaccess file:
AuthUserFile /path/to/.htpasswd
AuthName ToolBox Example
AuthType Basic
<Limit Get>
require valid-user
</Limit>
/path/to/.htpasswd should be replaced with the system path to your .htpasswd
file, which I will explain about in a moment. ToolBox Example is what
the user will see when prompted for their login. You don't have to edit anythng
else. Now, about that .htpasswd file. This is the file where the username/passwords
will be stored. The .htpasswd and .htaccess files do not have to be in the same
directory. In order to do add logins, you will have to have a password encryption
program that can encrypt the password(s). If you know how to setup perl
scripts, then I suggest you try CGI Factory's
password script. It is great for managing accounts. If you need more information
on encrypting passwords, email me or
message on ICQ at 37689337 and I'll see what I can do.
Custom
Error Pages
Custom Error pages are a great thing to add to your site, and I urge you to
use them. You can have error pages for hundres of different errors, but all
you will really need is an error page for the 404 (file not found) error. The
process of adding error pages is wrather simple. First, create an error page
for a specific error code. Then, just add the folowing line to your .htaccess
file:
ErrorDocument ERROR# url-of-error-page
Replace ERROR# with the error code you want to use. Then, replace url-of-error-page
with the URL of the error page that you created. There is no limit to how many
error pages you can have. Below is a sample of the error documents that are
in the .htaccess file at my site:
ErrorDocument 400 /400.shtml
ErrorDocument 401 /401.shtml
ErrorDocument 403 /403.shtml
ErrorDocument 404 /404.shtml
ErrorDocument 500 /500.shtml
The 400 error means bad request, 401 means Authorization Required, 403 means
Forbidden, 404 means File not Found, and 500 means configuration error.
Directory
Index
The Directory Index directive allows you to change what the default page for
a directory will be. You may want to use blah.shtml wrather then index.shtml
as the default page. Below is the code that allows you to do this.
DirectoryIndex filename.shtml
Below is an example of my .htaccess file. I wanted to use index.cgi as the default
page, but it would only except index.shtml, index.htm, index.shtml, and index.shtm.
DirectoryIndex index.cgi
Denying
Access
Is there somebody that you don't want accessing your site? The only thing that
you need is their IP address. To deny somebody from accessing your site, add
the following lines to your .htaccess file
<Limit GET>
order allow,deny
deny from 24.21.24.5
allow from all
</Limit>
Replace 24.21.24.5 with the IP of the person you don't want accessing your site.
If you want to deny multiple people, then add more deny from 24.21.24.5
lines.
Enabling SSI in .htm and .shtml
files
On some servers, they don't allow you to use SSI in .shtml
or .htm files. To enable SSI in these types of files, add the following lines
to your .htaccess file:
AddType text/html .shtml .shtm .htm .shtml
AddHandler server-parsed .shtml .shtm .htm .shtml
Anti-leech
If you are like me, you know what it feels like to have files leeched off of
your site. Fortunatly, there is an easy way to prevent this. By simply adding
a few lines to your .htaccess file, you can securly stop people from leeching
off of your site. Add the following lines to your .htaccess file to set up an
anti-leech:
AuthUserFile /dev/null
AuthGroupFile /dev/null
RewriteEngine On
RewriteCond %{HTTP_REFERER} !>http://www.warzone2000.com/ [NC]
RewriteRule /* http://www.warzone2000.com/leech.shtml [R,L]
Replace the http://www.warzone2000.com/ in RewriteCond %{HTTP_REFERER} !>http://www.warzone2000.com/
[NC] with the URL that downloads will be allowed from. Replace the http://www.warzone2000.com/leech.shtml
in RewriteRule /* http://www.warzone2000.com/ [R,L] with the URL where
people will be forwarded to if they try to download a file with an unauthorized
referal.
