Viewing Thread:
"Configure and Control with .htaccess"

Configure and Control with .htaccess

If you have a website with Freeola, or any other hosting firm, chances are you don't have direct access to the server's configuration files. They're likely locked down by the host's admin staff to stop people running riot with changes. Fair enough. But there is a way that lets you change server-wide settings for your site, without needing administrator privileges on the server. It's called an .htaccess file.

What is an .htaccess file?

An .htaccess (hypertext access) file allows you to configure your site for certain server-side settings, even if you don't own the whole server. Basically, even though your website is hosted by someone else, you still have some control over the web server settings.

'Web server settings' - sounds complex. What does that actually mean?

You can do all sorts of cool stuff with the .htaccess file.

- You can create custom error pages that will show when you get 404 / 403 / 501 error messages. Instead of the browser default, you can set them to go anywhere you want - maybe a page with a search box if the address typed is invalid, or a login page if you get a '403 - Forbidden' error.

- You can password protect areas of your site that only people with user IDs and passwords can access

- If someone tries to hotlink any of your content, you can serve a warning instead. Hotlinking is when someone links to an image on your site, rather than hosting it themselves, and costs you bandwidth whenever someone loads up the other person's page.

- Change file extensions for your dynamic pages to whatever you like - so you can create cool RSS feeds that are dynamic, by associating your dynamic page types (for me, PHP) with the .xml format

- Redirect users from one page to another - for example allowing users to type your web address without the 'www.', or pointing people from the home page to a new site

-Deny certain users from accessing your site - by domain name (e.g. www.spammer.com) or by IP address (e.g. 101.45.43.2)

-You can stop people from viewing the 'directories' or file structures of the various folders of your website

What I'll Cover...

1) How to create your own .htaccess file
2) How to redirect users
3) How to serve custom error pages
4) How to block or allow IPs and domains
5) How to block people viewing the folder structures of your site
6) How to stop hotlinking of your content and serve them a 'warning' ;)
7) How to associate file extensions
8) How to password protect folders

What You Need...

- Webspace of some sort
- A webhost that supports '.htaccess'
- A text editor (I use 'Notepad')

============================================
What you need to know - PLEASE READ

- These commands are all fairly simple, and by following the instructions and taking things 1 step at a time your site will be fine. However, if you're not hugely familiar with managing websites / servers, or want to double check anything, do post below or let me know (my address at the bottom of the page)

- If I put any content inside < this kind of 'angle brackets� > then it means it's something YOU have to change with your own content. For example:

ErrorDocument <error number> <error document path>

means '' and '' need to be edited by you. This could be:

ErrorDocument 501 /errors/501.php

See what I did there? My '' was '501', and my '' was '/errors/501.php'.

Right, let’s get started...
===========================================

1) How to create your own .htaccess file

- Open up your text editor of choice
- Save a blank file, using the filename .htaccess
- Make sure when you save in Notepad to change the 'Save as type' dropdown to 'All Files'. This will ensure that it is saved as .htaccess, and not .htaccess.txt
- If you close the file, then try and open it from wherever you saved it, Windows might ask you want program to use to open .HTACCESS files - this is good! Choose 'Select a program from a list of installed programs', then select 'Notepad'
- Great! You've got a blank .htaccess file.
- Once you're ready to go, upload this file (in ASCII mode of your FTP program) to the top level directory of your website (except for 'Howto #8' - explained below)

TOP TIP For every new command in your .htaccess file, take a new line!

2) How to redirect users

Probably the easiest thing to do with an .htaccess file – a way to quickly re-direct users from 1 page to another.

Redirect <old file> <new file>

It’s that simple – an example below:

Redirect /oldplace/oldfile.php http://www.synae.co.uk/index.php

3) How to server custom error pages

One of the most common tasks .htaccess files are used for is to redirect visitors on your site to custom error pages. To do this, type or copy the following into your .htaccess file:

ErrorDocument <error number> <error document path>

where is one of the HTTP4.0 standard error numbers, such as:

'400' (Bad Request)
'401' (Unauthorized)
'402' (Payment Required)
'403' (Forbidden)
'404' (Not Found)

and is the webpage you want to show instead. For my website, it's '/errordocs/404.php'. That means, for me, the custom error line is:

ErrorDocument 404 /errordocs/404.php

You can do this for all the standard errors!

4) How to block or allow IPs and domains

You can quickly and easily blacklist, of even whitelist, IPs and domains to your site using the .htaccess file. Here's how:

order allow,deny
deny from .freeola.com
deny from de.synae.co.uk
allow from 255.254.253.252

This would block all freeola.com domain and subdomains, the subdomain 'de.synae.co.uk', and allow only from the specified IP address '255.254.253.252'. Obviously that example is pointless (no need to deny anyone if you're only allowing 1 IP address) but you can see the possibilities...

Whitelist only website:

order allow,deny
allow from 101.0.0.0

- this allows access only to IP addresses from 101.0.0.0 to 101.255.255.255.

Blacklist websites:

order allow,deny
deny from .spammer.com

- this denies access to anything from .spammer.com/

5) How to block people viewing the folder structures of your site

A simple one this. Don't want people to check out the files that make up your site? Or to just randomly download whatever media they please? Add in:

IndexIgnore *

You can be more granular, and specify what file extensions to ignore, like this:

IndexIgnore *.jpg *.png *.mov

will list everything EXCEPT jpgs, pngs, and movs.

6) How to stop hotlinking of your content and serve them a 'warning' ;)


Nobody likes having their content hotlinked. It's effectively stealing bandwidth, and it's just not cool. But how can we stop the pesky bandwidth bandits? Your top-level .htaccess file, of course.

TOP TIP MAKE SURE and use the main .htaccess file, that is, the one with the error documents mentioned, and not the password protect one!

Just type the following in the .htaccess file:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?<your domain name>/.*$ [NC]
RewriteRule .(gif|jpg|avi|png|tif|mov)$ http://www.<your domain name>/<your image> [R,L]

replacing with your domain, and with whatever picture you want to show if people do try to hotlink you. So for me:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?synae.co.uk/.*$ [NC]
RewriteRule .(gif|jpg|avi|png|tif|mov)$ http://www.synae.co.uk/uploads/getlost.gif [R,L]

See the bit (gif|jpg|avi|png|tif|mov)? You can add in any file extension you like here, and it'll be blocked.

7) How to associate file extensions

Want to create your own crazy file extensions? Or associate one file extension with another? This can allow you to make dynamic XML RSS feeds, or PHP pages that have a file extension .girlypants. Whatever takes your fancy...

To do this, simply type:

AddType <type 1> <type 2>

Where is the type that should become. So, for me:

AddType application/x-httpd-php .xml

makes .xml pages get treated as .php compatible. Yay dynamic code! Note that is in the form of the MIME type, some examples of which can be found here

8) How to password protect folders

There are 4 basic steps to password protection using .htaccess:

A) Create a new .htaccess file for the directory you want to protect.
B) Create a new .htpasswd file with the usernames and passwords of people who can access this directory.
C) Upload .htaccess to the directory you want to protect.
D) Upload .htpasswd to a SAFE directory that isn’t accessible on the web

Step A) is easy - just do it the same way as before. Step B) is almost as easy - just call the file .htpasswd instead of .htaccess. Steps C) and D) is as just a case of transferring the files to your webspace, in the right places

Inside the new .htaccess file, type:

AuthUserFile <full path to .htpasswd>
AuthType Basic
AuthName "<area name>"
Require valid-user

where is the full directory path to the .htpasswd file - you'll probably need to ask your web server admin for this information, or check on their hosting FAQs. is just the name of the section you want to be 'special users only'. So, for me:

AuthUserFile /home39c/sub001/sc30718-XHYM/notTelling/.htpasswd
AuthType Basic
AuthName "FORBIDDEN AREA"
Require valid-user

The .htpasswd file is even more simple. Each line is:

<username>:<encrypted password>

So, for example:

phuzzy:54tregrfg4tgrebgf

But how do I get an encrypted password? Easy. Generate them here

Insert all of the username / password combinations inside the .htpasswd file, like this:

phuzzy:$apr1$kwmc2/.. $q9thjOSKSwExNBi1

Finally upload to the directory you want to protect, and it'll then be locked!

In conclusion

.htaccess is a powerful way to change settings on your server, without the stress of hosting a website on your own server. However, what’s included here is only a snapshop of the things you can do. I’ll post on the more advanced features soon, but as a starting point, you can look at the Apache web server ‘.htaccess’ documentation for more info on how to best use the file:

Apache .htaccess Information

Thanks,

Phuzzy

===================================
If you’ve spotted an error, require clarification or need a hand, please just post and let me know, or give me a shout on paul [at] synae [dot] co [dot] uk

thanks

Not related to the "problem" but I thought I'd mention I read through the accounts of the coast to coast walks on the site and enjoyed them. :)

Just to be clear I am on VIP hosting.
John

There still still seems to be some difference between the way the MIME types are handled with Freeola Standard and VIP hosting...








[s]Hmmm...[/s]

Well, I've had another look into this and have discovered the following:
1. It's important to clear your browsing history before trying something new which may explain the confilicting results obtained by Hmmmm and Warhunt.
2. IE7, IE8, Firefox and Safari all behaved the same. Without the .htaccess file in the root directory they displayed the file rather than asking if you wished to open or save it.
3. IE6 appears to open it even if the .htaccess file is not present. (Although this could be to do with the browser having previously loaded the page when the .htaccess file was present.
4. Opera, I believe, originally asked if I wished to Save or Open the kml file with the .htaccess file present and then failed to when I removed the .htaccess file. However, when I replaced the .htaccess file I failed to get Opera to offer to Save or Open the file.

Generally a satisfactory outcome as far as I am concerned although still slightly puzzling.

Thanks for your help.
John

Many thanks Hmmmm and Warhunt for your help and advice. Sorry that the link on the old provider's site was not working (I had transferred the domain to which it was pointing although the link on the map image is still OK).

I looked at the Google link you posted, Hmmmm, and used the suggestion to make an .htaccess file with the following:

AddType application/vnd.google-earth.kml+xml .kml
AddType application/vnd.google-earth.kmz .kmz

This seemed to do the trick and Warhunt you may have looked (2.49pm) after I fixed it as it was around this time. I did have to reopen my browser before tryig it after I uploaded the .htaccess file.

I am using FF6 and haven't tried other browsers yet but will investigate further when I get a moment. I will also try removing the .htaccess file and see if the problem reappears. I'll let you know how I get on.

Once again thank you both for your help.
John

Looks like some of it might be browser related...

My test page opens Google Earth using IE7, but only displays the XML when I click the OP's link.

In FF 3.6 I also get the 'open/save' dialogue box in IE7/FF.

It would be good to hear back from the OP... :¬)

[s]Hmmm...[/s]

Motomoto and me have bothe checked it using IE8 and FF. The link that says ( Page hosted by Freeola) and clicked on the top link. Gives me the option to Save...etc. Sure that was the issue.

Downloaded it safely too.

Warhunt wrote:
> Looks like the you may have resolved the issue yourself as the
> example on our hosting seems to work. Either that or it is linked
> incorrectly on here?


yladnhoj's Freeola hosted example still fails for me ???






[s]Hmmm...[/s]

Looks like the you may have resolved the issue yourself as the example on our hosting seems to work. Either that or it is linked incorrectly on here?