Support Forums

In this tutorial I will be going through the .htaccess file that can really keep your site secure and safe. I hope you enjoy reading and feedback and comments are always welcome so please reply below.

Index - Sections

URL Redirection
Changing Error Pages
Protecting folders and directories
Blocking specific users from your site
Set server time zone
Stop Script Execution
Secure your .htaccess

What is .htaccess?
.htaccess is a file that is run on an Apache server. The Apache server will read your .htacces file which will allow you to configure and customize the way your site appears to normal users with custom commands.

URL Redirection
This is really quite easy to implicate and simple to grasp. Please look at how to do it below:

SYNTAX -

Code:
Redirect [Virtual URL to be redirected [Full or exact URL you want to redirect too]

EXAMPLE -

Code:
Redirect /olddir/file.html http://yoursite.com/newdi/file.html

Protecting Folders/Directories
This is again quite simple and is fantastic in my opinion, please read below:

SYNTAX - (One File!)

Code:
<Files secure.php>

AuthType Basic

AuthName “Password Required”

AuthUserFile /home/path/.htpasswd

Require valid-user

</Files>

SYNTAX - (Directory!)

Code:
resides

AuthType basic

AuthName “This directory is protected please leave”

AuthUserFile /home/path/.htpasswd

AuthGroupFile /dev/null

Require valid-user

Blocking Specific Users
This is a great way to stop users viewing your site all together. Makes it so they can't access or view any feature. You can also stop domains from viewing!

Here we have two main commands, 'deny' and 'allow'. Simply interchange as you wish.

SYNTAX -

Code:
order allow,deny

deny from 111.82.3.1

deny from 182.45.1.8.

allow from all

EXAMPLE

Code:
order allow,deny

deny from 123.45.6.7

deny from www.google.com

allow from all

Set Server Timezone
This isn't vital but I think it's useful:

SYNTAX -

Code:
SetEnv TZ [Location]

EXAMPLE -

Code:
SetEnv TZ America/Las_Vegas

Stop Script Execution
This command will stop certain script types from being executed on your site. Really good to stop upload such as shells or viruses

SYNTAX -

Code:
Options -ExecCGI

AddHandler cgi-script [file extension or file extensions separated with spaces]

EXAMPLE -

Code:
Options -ExecCGI

AddHandler cgi-script .pl .py .php .jsp .htm .shtml .sh .asp .cgi

Protect your .htaccess
This command will protect your .htaccess file from any unauthorized people accessing it:

SYNTAX -

Code:
<Files .htaccess>

order allow,deny

deny from all

</Files>

This now concludes my .htaccess tutorial. If this helped or if you have any feedback then please comment below.

Regards,

- Sam

Spoiler (Click to View)

Thanks, very detailed!

No problem it's why I'm here.

Bumping this thread. Need more views and comments please.

Very nice tutorial, easy follow, well formatted and well explained.

ErrorDocument is also good for custom error pages

Code:
ErrorDocument 500 /500.php

ErrorDocument 404 /404.php

ErrorDocument 403 /403.php

ErrorDocument 401 /401.php

Though, I think if your site gets attacked a lot, and you block at site level, you should use a small 403 page like "<u>403</u>: No access.".

Also

Code:
DirectoryIndex index.php default.php page.php *

Will set default pages for directory's, ordered by priority if the other isn't available, the "*" at the end, will issue a 403 if none are available, instead of listing out the directory, though, index page really shouldn't be missing any way.

Thanks very much for your comments Cida. I appreciate your input as well. Thank you.

I will be sure to use this many thanks, ~A

No problem, glad you liked it.

- Sam

Infact ; Do I need a file called .htaccess?

~A

Well I would recommend it.

Sam

iPlay

Sam

Sam

Cida

Sam

Ally Mac

Sam

Ally Mac

Sam