Advanced .htaccess tutorial

top
htaccess information

Most hosting companies will host multiple domains on one server, and all the domains use the same Web server software installed on that server. This presents a problem. What if two Webmasters using the same server need different Web server configurations? Apache addressed this by using .htaccess files.

Apache configuration

Apache, like any other software, has configuration files. Your host edits these global configuration files to serve as a default for all of the sites hosted on the server. The .htaccess file acts as a local configuration file so that individual Web sites can customize the configuration to suit their needs.

The .htaccess file

The .htaccess file is an ordinary text file that you can create using Notepad or any text editor and ftp it into your Web root directory. This file will contain the configuration statements (commands) to customize the Apache Web server software for your Web site.

Note for Windows users

Notice that the file name starts with a period (.). This is to indicate to the Linux/Unix operating system that it is a system file that is used by a server application, not by a user of the system. However, with Windows, the period denotes a separator between a file's name and its extension. As a result, if you try and create an .htaccess file in Windows it won't have a name. To get around this, create a file called htaccess.txt, ftp that to the server, and then rename it to .htaccess once it's there.


top
Password Protecting from your web site

The .htaccess is the AccessFileName in the most Apache Web servers, and it's a nice way for to password protect and/or configuration from your web site depending on the configuration off the web server.

Below I have put some examples you can use.


top
Auth Basic

Basic Authentication allows the use restrict access by looking up users in plain text password files. This is not a really secure password system, because the username and password are sending as plain text true the internet. And the passwords in the password file are crypt in basic Unix crypt what not so difficult to crack. But it's still the most common password protecting on the internet.

Module: mod_auth
OS: Unix, Linux, WinNT (with uncrypt passwords).

For to password protect a directory and all the directories below.
Put a file named .htaccess in the directory you want to password protect with the follow text.

AuthUserFile /opt/guide/www.widexl.com/.htpasswd
AuthType Basic
AuthName "Member Page"
require valid-user

For to password protect the admin.pl script.
You can use wildcards for this, like: "*.html"   "*.zip"

<files "admin.pl">
AuthUserFile /opt/guide/www.widexl.com/.htpasswd
AuthType Basic
AuthName "Administrator script"
require valid-user
</files>

AuthUserFile: This is the full path to your password file
AuthType: This need to be Basic.
AuthName: This is the name (Realm) you want to give to your password protected site.


top
Auth Digest

MD5 Digest authentication provides a more secure password system than Basic authentication, but only works with supporting browsers. The only major browsers which support digest authentication are Internet Explorer 5.0, Amaya and Konqueror from KDE2. I don't think its save for Big Brother, but it's always more save than Auth Basic. And most users are using Internet Explorer 5.0 or higher.

Module: mod_digest (old version)
Module: mod_auth_digest (new version)
OS: Unix, Linux, WinNT.

Don't use both modules on the same time.

Setting up MD5 Digest authentication is easy.
Put a file named .htaccess in the directory you want to password protect with the follow text.

Example: mod_digest

AuthDigestFile /opt/guide/www.widexl.com/.htpasswd
AuthType Digest
AuthName "Member Page"
require valid-user

Example: mod_auth_digest

AuthDigestFile /opt/guide/www.widexl.com/.htpasswd
AuthType Digest
AuthName "Member Page"
AuthDigestDomain /member/ http://www.widexl.com/members/
AuthDigestNonceLifetime 300
require valid-user

AuthDigestFile: This is the full path to your password file
AuthType: This need to be Digest.
AuthName: This is the name (realm) you want to give to your password protected site.

AuthDigestDomain: This should always be specified and contain at least the (set of) root URI(s).
AuthDigestNonceLifetime: ??

Note: The "AuthName" is very important, it has to be the same like the "realm" in the password file. The "realm" is the second field in the password file.

Example: One row in my password file is.
root:Digest Member Page:eca0249f7bf2fb3515bd7e319f5c2ab5

Here is "root" the username, "Digest Member Page" the realm and
eca0249f7bf2fb3515bd7e319f5c2ab5 my password. In this case the AuthName in the .htaccess file need to be Digest Member Page.

This is a common mistake with MD5 Digest authentication, and it's needed because the password contains the username, realm and password. You can use the realm for making groups.


top
Auth MySQL

MySQL authentication provides a more flexible and powerful system than Basic or Digest authentication. All the username's and passwords can be in One Big Database, and don't need to be on the same server where the password protected directory is.


Module: mod_auth_mysql
OS: Unix, Linux, WinNT.

Example:

AuthType Basic
AuthName "MySQL Member Page"

Auth_MYSQLhost www.widexl.com
Auth_MYSQLusername root
Auth_MYSQLpassword tengo
Auth_MYSQLdatabase members
Auth_MYSQLpwd_table widexl
Auth_MYSQLuid_field username
Auth_MYSQLpwd_field password
Auth_MYSQL_EncryptedPasswords off
require valid-user

AuthType: This need to be Basic.
AuthName: This is the name (realm) you want to give to your password protected site.
Auth_MYSQLhost: Your MySQL database hostname.
Auth_MYSQLusername: Your MySQL database username.
Auth_MYSQLpassword: Your MySQL database password.
Auth_MYSQLdatabase: This is your database with the member's info.
Auth_MYSQLpwd_table: The members info table containing (username/password).
Auth_MYSQLuid_field: The username field.
Auth_MYSQLpwd_field: The password field.
Auth_MYSQL_EncryptedPasswords: Are the password MySQL encrypt. [on|off].


top
Deny remote hosts or IP to your web site

For to deny host or IP addresses access to your site.
Put a file named .htaccess in the main directory you want to deny for access to your site.
Use a space for every host or IP you want to deny.

To deny remote hosts
<files "*.*">
Deny from .mil .gov .pol 195.12.13.156 microsoft.com 195.12.11.
</files>

To deny all remote hosts
<files "*.*">
Deny from All
</files>

top
Allow remote hosts or IP to your web site

For to allow hosts or IP addresses access to your site.
Put a file named .htaccess in the main directory you want to allow for access to your site.
Use a space for every host or IP you want to allow.

First deny all remote hosts
<files "*.*">
Deny from All
</files>
Than allow the remote hosts you want to allow access to your site.
<files "*.*">
Allow from your.remotehost.com 127.0.0.1 localhost widexl.com
</files>
For to allow all hosts.
<files "*.*">
Allow from All
</files>

top
Protecting your images and (zip) files from linking

Module: mod_rewrite

Put a file named .htaccess in the directory where you have the images located.

AuthUserFile /dev/null
AuthGroupFile /dev/null

RewriteEngine On

RewriteCond %{HTTP_REFERER} !^http://www.widexl.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://ma.widexl.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://members.widexl.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://widexl.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://212.204.218.80.* [NC]

RewriteRule /* http://widexl.com/index.html [R,L]
By the RewriteCond change the web address name for who are allowed to use your images.
By the RewriteRule change the web address name where to send the ones who are linking to.

Note: You need to write for every web address (hostname) a new line.
Remember: http://widexl.com is not the same like http://www.widexl.com


top
If you want to use server side includes, or CGI outside cgi-bin directory

Put a file named .htaccess in the main directory off your site.

For to use server side includes for .html and .shtml files.
AddType text/html .html
AddHandler server-parsed .html

AddType text/html .shtml
AddHandler server-parsed .shtml

For to use CGI scripts outside the cgi-bin directory
AddHandler cgi-script .cgi
AddHandler cgi-script .pl

top
Add/delete extra Options on the web server

With the Options directive can you controls server features in a particular directory.
Put a file named .htaccess in the directory where you want to add/delete extra options.

For to add execution from CGI scripts.
Options +ExecCGI

For to delete the indexing a directory.
Options -Indexes

For to add execution from Server-side includes.
Options +Includes

For to add All options minus indexing a directory.
Options All -Indexes

The follow options are available
None
There are no features enabled. what means that you can do noting.
See no page, no execution off CGI scripts, no indexing, just noting
can be easy for protecting online data

All
All options except for MultiViews.

ExecCGI
Execution of CGI scripts is permitted.

FollowSymLinks
The server will follow symbolic links in this directory.

SymLinksIfOwnerMatch
The server will only follow symbolic links for which the target file or directory is owned by the same user id as the link.

Includes
Server-side includes are permitted.

IncludesNOEXEC
Server-side includes are permitted, but the #exec command and #include of CGI scripts are disabled.

Indexes
Allow to index a directory

MultiViews
For to choose automatically pages in different languages.


top
Tips and tricks

Deny remote hosts but still log them
If you have deny (only for example :) ) all .mil and .gov remote hosts
And you still want to log them in a script like the Page Guard Pro script.
Put a file named .htaccess in the directory where the script is.

<files "guard.pl">
Allow from All
</files>
Search

Tools Online SEO Tools

» Keyword Ranking
» Link Popularity Check
» Search Engine Saturation
» Meta Tag Analyzer

New Programs

» Membership Management
» Membership Management SQL
» Link Directory
» Link Directory SQL

New SEO Programs

» Meta Tag Analyzer
» Link Popularity
» Search Engine Saturation

New Free Programs

» Download Tracker
» Page Guard Pro
» Server Info

Tutorials Tutorials

» Link Popularity tutorial
» Module Rewrite guide
» Htaccess guide
» Install a CGI script

Related Links Related Links

» Business Blogs
» Hosting Resources
» SEO News
» SEO Tools