Using .htaccess

A .htaccess file is a special file that is used to tell your web server what to do if certain conditions arise. These conditions range from redirecting certain URLs to handling error messages and even locking folders.

The file name starts with a . to hide it from standard directory listings, so that if people can see your directory listings they will not see the .htaccess file in the list.

You can just make a .htaccess file in Notepad, but you may have to save it as htaccess.txt and then change the name once you have uploaded it to your server via FTP.

Deny/Allow Access

OK, so the first thing we want to do is stop people from being able to view our .htaccess files. Your server may already be set to block people from viewing it, but to be safe we are going to make the first entry in our .htaccess file this:

<Files .htaccess>
order allow,deny
deny from all
</Files>

The <Files filename> tag is used to specify a specific file to apply the rules to, in this case the .htaccess file. You can use wildcards in your file name: ? matches a single character, whereas * matches a string of characters.

The order allow,deny can also be written as order deny,allow. It's a case of whether you want it to check the allowed list first or the deny list first. The order also sets the default for visitors that match neither list: with allow,deny they are denied, with deny,allow they are allowed. You can specify specific domains or IPs to allow or deny by using "allow from google.com" or "deny from 127.0.0.1".
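The added example below is not from the original page: it evaluates order, allow from and deny from lines in Python, following the evaluation rules in Apache's documentation, so a rule set can be checked before it is uploaded. The function names, the sample rule sets and the host argument (standing in for the name Apache would resolve) are assumptions of the example, and partial IPs such as 10.1 are not handled.

```python
import ipaddress

def parse_rules(text):
    """Read order / allow from / deny from lines (the lines inside a <Files> block)."""
    order, allow, deny = "deny,allow", [], []  # Apache's default when no order line is given
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        name = words[0].lower()
        if name == "order" and len(words) == 2:
            order = words[1].lower()
        elif name in ("allow", "deny") and len(words) >= 3 and words[1].lower() == "from":
            (allow if name == "allow" else deny).extend(w.lower() for w in words[2:])
        else:
            raise ValueError("unsupported line: " + line.strip())
    return order, allow, deny

def matches(spec, ip, host):
    """True if one 'from' argument covers the client: all, an IP, a CIDR range or a domain."""
    if spec == "all":
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        # Not an address, so treat it as a domain name and match whole labels only
        return host == spec or host.endswith("." + spec)

def is_allowed(text, ip, host=""):
    """Decide access for a client IP and an optional resolved host name (an assumption here)."""
    order, allow, deny = parse_rules(text)
    allowed = any(matches(s, ip, host.lower()) for s in allow)
    denied = any(matches(s, ip, host.lower()) for s in deny)
    if order == "allow,deny":
        # Needs an allow match and no deny match; a client matching nothing is denied
        return allowed and not denied
    if order == "deny,allow":
        # An allow match overrides a deny match; a client matching nothing is allowed
        return allowed or not denied
    raise ValueError("unknown order: " + order)

# Constructed rule sets; 203.0.113.7 is a documentation address standing in for a visitor
HIDE = "order allow,deny\ndeny from all"  # the page's .htaccess block
LOCAL_ONLY = "order deny,allow\ndeny from all\nallow from 127.0.0.1"
SWAPPED = "order allow,deny\ndeny from all\nallow from 127.0.0.1"

if __name__ == "__main__":
    for name, rules in (("HIDE", HIDE), ("LOCAL_ONLY", LOCAL_ONLY), ("SWAPPED", SWAPPED)):
        print(name, is_allowed(rules, "127.0.0.1"), is_allowed(rules, "203.0.113.7"))
```

LOCAL_ONLY and SWAPPED differ only in the order line, yet SWAPPED locks out 127.0.0.1 as well, because under allow,deny a deny match always wins.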

Error Handling

In this section I will show you how to handle error messages such as "404 File not found". This way you can use your own pages for error messages rather than the default browser or server pages. We tell the server what to do when it receives an error code with this bit of code:

ErrorDocument 404 /error404.htm

This will send the visitor to a page called error404.htm if they request a page that doesn't exist. You can also use HTML right in the .htaccess file rather than redirecting to a page. You do it this way:

ErrorDocument 404 "<html><head><title>whoops</title></head><body>Whoops</body></html>

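You will notice that we have an opening " but not a closing one. Always remember this, as well as the fact that it must all be on one line. This single unmatched quote is the Apache 1.3 form; Apache 2.0 and later expect the text to be enclosed in a matching pair of quotes.

For a list of more of the error codes, go to http://www.bignosebird.com/apache/a5.shtml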

URL Redirection

Sometimes we have to move old files for archiving purposes or just when we generally reorganise our site. But what about all the people that have bookmarked the old URL or linked to it? Well we can solve this by telling the server that if it gets a request for the old URL it is to send the visitor to the new URL. We do this using Redirect permanent like this:

Redirect permanent /oldpage.htm http://www.domain.com/archive/oldpage.htm

The redirect permanent tells the server that if it gets a request for the first page it is to forward the visitor to the second URL. The second URL needs to be a complete URL as it can point to anywhere, not just your domain, whereas the first URL has to be on your server.

Preventing Hotlinking and Bandwidth Theft

Hotlinking is where a different site is using the images, objects, or anything else from your server. For example, they may be using an image from your site on their page but loading it from your site. This wastes your bandwidth, as every time a person views the other person's page their browser requests the image from YOUR server. You can stop this sort of bandwidth theft using mod_rewrite, but you will need to check with your host to see if this is enabled. Here is the code:

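# Turn on mod_rewrite for this directory
RewriteEngine on
# Requests that send no Referer at all are let through
RewriteCond %{HTTP_REFERER} !^$
# Allowed referers; https? accepts http and https, and \. matches only a literal dot
RewriteCond %{HTTP_REFERER} !^https?://your_domain\.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://www\.your_domain\.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://127\.0\.0\.1/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://www\.trusted\.com/.*$ [NC]
# Any other referer asking for these file types gets 403 Forbidden
RewriteRule \.(gif|jpg|jpeg|bmp|png|mpg|mpeg|avi|wmv|mov|asf|wav|mid|zip|rar)$ - [F]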

Just change your_domain.com to your domain. The www.trusted.com is just to show that you can also allow specified sites to hotlink to you. This is good if you run several sites or have several domain names. Also, if your site has its own IP, change the 127.0.0.1 to that IP; otherwise they can link using the IP as the address. Because the Referer header is supplied by the visitor's browser, these rules save bandwidth but are not access control for private files.

For a more complete list of .htaccess commands, go to http://httpd.apache.org/docs/mod/directives.html