Many web servers use a configuration file called .htaccess that is based on the directory level. This file is used to provide decentralized management of the configuration of supported web servers. It was initially designed to allow access control for a specific directory with a set of rules written to the file that queried the accessing party for a password before permission was granted.
With the advances in server technology and the cultivation of the programming language, the .htaccess files now have the ability to supersede settings in other configurations through override. The content type, character set, CGI handlers and many other configuration options can be controlled by the .htaccess file.
??To use an .htaccess file, it must be placed inside a directory and have rules written to it in order to override the server’s global configuration for that specific directory and any subdirectories found within it. The ability to override the configuration of the server makes it possible to tweak access and even improve the website in many ways. By writing rules to the .htaccess file, the resulting changes to the directory configuration can enable, disable and adjust specific functionality within it.
1: Make Custom Error Pages
Changing the default error pages can really add some spice to your website. It can also be used to help your visitors understand that they have reached a location in error or that they do not have access to specific parts of the site. Any error page can be changed as long as you know the number for the page and use the following syntax in the .htaccess file.?? ErrorDocument Errornumber/file.html??”. Errornumber” can be replaced with the number of the error page; “file.html” is the name of the file to be displayed instead of the default error page. For example, the 404 page is the error page that is displayed when a visitor is trying to access something on the server that does not exist. To change that page, you would replace the information on the line of code as follows.??ErrorDocument 404/YourUniqueErrorPageFileName.html
2: Prevent Access to Directory Information
You may not want visitors to the website to be able to see the directory index and information for your website. This is a list of the files and directories on the website that are housed on the site’s host. To prevent users from accessing it, add the following to the .htaccess file:??Options –Indexes. ??This sets the options in the configuration to remove access to the indexes.
3: Allow/Disallow Access Based on IP
If you want to block or allow access to a certain directory using the .htaccess file, you can do so using these rules.??deny from 000.000.000.000??and??allow from 000.000.000.000. ??Tools such as www.WhoIsHostingThis.com can assist in finding the IP of a malicious website. If “000.000.000.000” is changed to the specific IP address or you only specify two of the numbers, an entire IP range will be affected. If you want to make the directory inaccessible by denying everyone from accessing use the following rule .??deny from all??. Of course, scripts can still access files in the directory regardless of whether access is denied to all IP addresses.
4: Change Index File
If you want to change the file used for the index rather than just blocking it from access as a directory, you can use the following rule in your .htaccess file. ??DirectoryIndex file.extension file.extension file.extension
The “file.extension” entries should be changed to whatever files should be used for the index. It works as a list from left to right, so you can add as many alternates as needed. For example:??DirectoryIndex index.php index.htm list.html otherfilename.etc??. Any file can be listed for use as an index page.
5: Password Protect Directories
Password protecting directories is possible with the .htaccess file by creating an additional .htpasswd file.?? AuthUserFile /full/path/to/.htpasswd?AuthType Basic?AuthName “Protected Directory Name”?Require valid-use. r??. These rules will password protect all of the files in the directory “Protected Directory Name” as well as any subdirectories within it. Remember to change the values for the path to the .htpasswd file.
6: Password Protect a Single File
Protecting a single file is very similar to protecting a directory. Use the following rules:??AuthUserFile /full/path/to/.htpasswd?AuthType Basic?AuthName “A Hidden Page”?Require valid-use. r??. These rules will password protect the “secretfile.html” file in the directory. Again, remember to change the values for the path to the .htpasswd file.
7: Assign Redirect Information
You can also create specialized redirects with the .htaccess file. This is especially true for the “301” permanent redirects, which help to notify the accessing party that the file has been moved as well as the new location for the file.?? Redirect /PreviousDirectoryName/PreviousFileName.html http://YourDomain.com/NewDirectoryName/NewFileName.html??. Change the values to the specific files on your server in order for this to work as a redirect option.
8: Provide Caching Rules
With site caching, you can dramatically speed up access to your site for returning visitors if files have not been changed since the last time they visited. To enable site caching with the .htaccess file, use the following code.??# Cache For 1 YEAR??Header set Cache-Control “max-age=29030400, public”??# Cache For 1 WEEK??Header set Cache-Control “max-age=604800, public”??# Cache For 2 DAYS??Header set Cache-Control “max-age=172800, proxy-revalidate”??# Cache For 1 MIN??Header set Cache-Control “max-age=60, private, proxy-revalidate”. ??Keep in mind that the number values for “max-age” are in seconds.
9: Preserve Bandwidth on PHP Enabled Servers for Performance
You can compress files on your website to help reduce the amount of bandwidth resources that are used on your server. This speeds up access for your visitors as well. Use the following rules for your .htaccess file.??# preserve bandwidth for PHP enabled servers??php_value zlib.output_compression 16386???#
10: Limit File Upload Size
If you want to prevent users from uploading files of a certain size to your website, you can do so using the following rules in the .htaccess file.??# Limit File Upload Size?LimitRequestBody 10240000??. The number used is the maximum number of bytes that are permitted to be uploaded, preventing files larger than the set size from ever being uploaded to the server. This is effective against Denial of Service attacks by malicious users.
These are just a small portion of the available options that can be changed with the .htaccess file. It is a powerful tool for controlling the way the website is accessed based on the directory configuration.