Well before I begin, here’s a little window into what htaccess (hypertext access) is all about.
An htaccess file is a simple ASCII file, such as you would create through a text editor like NotePad. Many people seem to have some confusion over the naming convention for the file, so let me get that out of the way. ‘.htacess’ is simply a file extension with no file name at all. [dot] by default makes the files hidden on almost every web servers and operating systems. In simple words, they are simple text files where you can put server directives similar to “httpd.conf” or a “php.ini” file. But the real difference is unlike these master directive files, htaccess powers you to apply directives to the directories in which htaccess resides and the subdirectories within.
Now let us come to the point for which you are here – the groovy things:
1. Password Protection
Adding password protection to your directories is a simple 2 step process.
i. Add appropriate directives to the htaccess file in the directory you wish to protect. Every subdirectory and file will be protected within.
AuthName "Section Name" //it’s the directory name you wish to protect AuthType Basic AuthUserFile /full/path/to/.htpasswd // absolute path of the .htpasswd file Require valid-user
ii. Create a .htpasswd file that contains usernames and passwords. The username password pairs must be added in the format “username:password”, where password is encrypted format of the password. You can encrypt the password using one of the premade scripts available on the web or write your own. There is a good username/password service at the KxS site http://www.kxs.net/support/htaccess_pw.html which will allow you to enter the user name and password and will output it in the correct format.
.
2. Save Bandwidth with .htaccess
You can save some bucks by putting in the code below into your htaccess file. It enables the PHP’s built-in zlib compression module. It will squeeze your bandwidth usage approximately to half or even more.
Note: if you run phpsuexec, you’ll need to put php directives in a local “php.ini” file and not in htaccess.
php_value zlib.output_compression 16386
.
3. Deny or Allow users from a particular network/IP Address:
Is there a pesky person bugging you? Stalking your site, htaccess powers you to block him/her. You can deny access based upon IP address or an IP block. The above blocks access to the site from xxx.xxx.xxx.xxx, and from any sub-domain under the IP block xxx.xxx.xxx.
* order allow,deny
deny from xxx.xxx.xxx.xxx // to deny from particular IP Address
deny from xxx.xxx.xxx. // to deny from set of IP Addresses
allow from all
* deny from all // to deny requests from all ip addresses
.
4. Custom Error Pages
htaccess allows you to have your own, personal error pages to show up when the server responds with an error code. And henceforth, give your site a more professional outlook in unlikely event of error. By doing this you give yourself a good chance to retain your almost-lost visitor. This is how you can do this. Al you need to know is the error number.
ErrorDocument errornumber /file.html
e.g.
ErrorDocument 401/errors/401.php ErrorDocument 403/errors /403.php ErrorDocument 404/errors /404.php ErrorDocument 500/errors /500.php
.
5. STOP Directory index from listing
Many times you might have faced the situation that you do not have index file in your directory. In such case all the files just get listed in the browser that can lead to security risks. With htaccess you can plug this.
All you have to do is type in Options -Indexes into your htaccess file and no more directory listings.
.
That’s it!
Cheers!!