.HTACCESS ON LINUX HOSTINGS.
.htaccessFilesonLinuxHostingAccounts
.htaccess
files allow you to control access to parts of your website. There are many ways
in
which
to use .htaccess, including password protection of directories, URL rewriting
with
mod_rewrite,
custom error 404 pages, redirection, and banning undesirable spiders.
.htaccess
files can only be used on our Linux hosting accounts.
Warning
.htaccess
files can do more harm than good if used incorrectly and should only be used by
experienced
users. There are many other ways in which to control access to your site with
Perl
(CGI) or PHP scripting. If you need to use .htaccess files on your site and do
not have
experience
of creating and using them, you should employ someone that does have
experience
of .htaccess files. Any use you make of .htaccess is entirely at your own risk.
We
will
not correct errors in your code and we provide no further support for your use
of
.htaccess
than the content on this page.
Uploading,
Modifying and Deleting .htaccess Files
.htaccess
and other files beginning with a '.' will not normally be visible in your FTP
client.
Create
and save your files on your computer as plain text files such as htaccess.txt.
You can
then
transfer these in ASCII mode to the correct directory and use your FTP client
to rename
them.
Renaming htaccess.txt to .htaccess will replace your existing .htaccess file.
You
can modify your .htaccess files by uploading the modified htaccess.txt file
with FTP and
then
renaming it to .htaccess. This should replace the existing file. Because you
cannot see
.htaccess
files with your FTP client, you will be unable to delete them via FTP. Rather
than
removing
them, you could try uploading an empty text file and renaming it to .htaccess.
Password
Protected Directories
You
can create your own .htaccess files to password protect directories on your
account. Your
.htaccess
file should look something like this:
AuthType
basic
AuthName
"Secure Directory"
AuthUserFile
/www/SITENAME/public_html/.htpasswd
AuthPAM_Enabled
off
<limit
GET PUT POST>
require
valid-user
</limit>
AuthName
can be any name you like for the secure area. This will be shown on the
dialogue
box
that requests the username and password. AuthUserFile is the full path to and
filename
for
your .htpasswd file containing your list of usernames and passwords. SITENAME
will be
your
site username. You can find the site username by connecting to your site with
WS_FTP
and
clicking DirInfo.
You
also need to create a .htpassword file. This contains the list of usernames and
encrypted
passwords
which look like this:
john:joVrhn8vGVM1k
fred:fr51bDvIVirJM
You
can create encrytped passwords using the Encrypt UNIX Password tool available
from
http://www.magsys.co.uk/.
You can copy and paste the usernames and passwords into
htpasswd.txt,
FTP the file to your account and rename it to .htpasswd.
If
you need password protection on more than one directory, you can create
separate
.htpasswd
files with different names. Ensure you reference these correctly from your
.htaccess
files.
Custom
Error Pages
.htaccess
allows you to use your own custom error pages very quickly and easily. Any time
someone
tries to access a page that does not exist or a page they are not permitted to
view,
present
them with a custom error page that matches the style of your site. Custom error
pages
can be used for many errors, but we'll demonstrate the use of the custom 404
error
page.
Create
a custom 404 error page in HTML and upload it to the root directory of your
site as
error404.html.
Create a text file called error.txt with the following content:
ErrorDocument
404 error404.html
Upload
error.txt to your root directory in ASCII mode and rename it to .htaccess. Now
whenever
someone attempts to access a page on your site that does not exist, they will
be
presented
with your own custom 404 error page.
You
can use similar terminology for other errors. You can use any name that suits
you for the
error
page. You don't even need to use an HTML page - you can use HTML and text
instead of
an
error page. You can also redirect users to other pages on your site, even other
domains.
The
following are just some examples of how to use custom error pages:
Error
Meaning Example Code To Use
400
Bad Syntax ErrorDocument 400 error400.html
401
Unauthorised ErrorDocument 401 unauthorised.html
402
Not Used ErrorDocument 402 error402.html
403
Forbidden ErrorDocument 403 forbidden.html
404
Not Found ErrorDocument 404 "<h1>Sorry, that page does not
exist</h1>"
500
Internal Error
ErrorDocument
500
http://www.anothersite.com/anotherpage.html
501
Not Implemented ErrorDocument 501 error501.html
502
Overloaded ErrorDocument 502 error502.html
503
Gateway Timeout ErrorDocument 503 error503.html
One
final point is that your .htaccess file will affect all directories below it.
If you only want to
use
custom error pages only in one subdirectory, place the .htaccess file and the
error page
in
that subdirectory and ensure the path in your .htaccess file points to the
correct error
page.
Redirecting
Redirecting
users to other pages or directories is very easy and useful if you remove pages
or
reorganise
your site. To redirect a user from pagename.html to newfile.html in another
directory,
simply use code similar to this in your .htaccess file:
Redirect
/olddirectory/pagename.html /newdirectory/newfile.html
To
redirect all users attempting to access any part of a directory, use the
directory name
without
a trailing slash or pagename. To redirect users to another domain, you can use
the
full
URL of http://www.anothersite.com
Rewriting
URLs
Rewriting
URLs is a technique used by webmasters to create search engine friendly URLs
for
forums,
shopping carts and other dynamic sites. Search engines can often be unable to
spider
dynamic URLs with ?, &, = and other symbols necessary for your dynamic site
to
function
correctly. URLs are rewritten using the Apache mod_rewrite module.
Rewriting
URLs is a very advanced technique that should not be extensively tested on a
private
(test) site prior to use with a live site. We will not provide full information
here, just a
very
brief guide to what mod_rewrite can do and why it is used.
A
shopping cart or forum page might normally have a URL of say
www.yoursite.com/cgi-bin/search.cgi?ID=7&item=123
which
is not very search engine friendly. mod_rewrite allows you to use a displayed
URL of
say
which
is search engine friendly. When the second (friendly) URL is entered,
mod_rewrite
converts
it invisibly to the first so that the script (in this case search.cgi) can
process it.
The
scripts will also need to be modified to output search engine safe URLs that
can be
processed
by mod_rewrite. Sometimes you will need to use multiple lines in .htaccess to
force
rewriting of URLs with different numbers of parameters.
For
more information on rewriting URLs and sample code, see the following sites:
Apache
mod_rewrite guide
Ralf
Engelschall's URL rewriting guide
Access
Control and Banning Spiders
You
may wish to exercise control over which browsers or spiders can access your
site. For
example,
you may wish to ban "undesirable" spiders such as those that ignore
your
robots.txt
file or only exist to gather email addresses in order to send spam.
You
can do this using mod_rewrite. Ralf Engelschall's page as listed above has a
section
about
banning robots.
If
you are banning robots and spiders, you also need to know which user agents to
block.
Check
your statistics for user agent strings that you don't recognise and search for
that string
on
a search engine. This should return some information about that user agent. If
it appears
to
be undesirable, add it to your .htaccess file.
Remember
to test your .htaccess script on a private (hidden) area of your site to ensure
everything
works as it should prior to using your script on your main site.
More
Information
.htaccess
files have many more uses than we have listed here. If you need more
information
about
.htaccess files and their uses, use a search engine. Please remember that we do
not
provide
any further information or support for your use of . .htaccess. Any use you
choose to
make
of .htaccess is entirely at your own risk
0 comments: