How to use .htaccess | Tutorial


15 Feb  

Recently I found that many websites (mostly run by novice users) are using JavaScript-based methods for protecting their directories and websites. Though you can prevent access to your website or a part of it using JavaScript, it is not a good way of programming. The simple reason is that the access control is a client-side script (JavaScript runs in the browser of the web user and not in the web server), so it is very easy to sabotage your security system and access the website. One of the recommended and easiest ways to protect a website or directory is to use a .htaccess file.

A .htaccess file works perfectly well on Apache servers running on Linux systems. Some web hosts may not allow you to have a .htaccess file, but all the reputed and reliable hosting companies offer this feature. (Nazdrovia supports this feature.)

There are many other things you can do using a .htaccess file. This edition of techblog is dedicated entirely to that.

 

Creating the .htaccess file

If you are using a Unix/Linux machine, then you can simply open your text editor (say gedit) and save the file as ‘.htaccess’. But if you are using a Windows-based machine (say with Notepad or WordPad), then you need to select the option ‘save as’ and then choose ‘all files’ (in the ‘save as type’ drop-down list) before saving the file, as shown below:

 

[Image: .htaccess file using notepad - windows]

 

When you upload this file to the server, the only thing that you need to do is check whether you have enabled FrontPage extensions (especially if you are on a Microsoft server), as these files will interfere with the other configuration files on the server.

Functions

 

Using a .htaccess file you can perform various tasks:

 

  • Protect a part of the website or a directory using a password
  • Create custom error pages
  • Change file extensions (you can show a .php file as a .html file)
  • Ban IP addresses
  • Disable directory listing
  • Use a custom index file (other than an index.* or default.* file)

 

Password protection

If you wish to password-protect a directory or the files under it, then you need to add the following lines to the .htaccess file:

 

AuthName "Members Area"
AuthType Basic
AuthUserFile /complete_path/.htpasswd
Require valid-user

 

You may edit the text ‘Members Area’ to something specific to your site or service. Also, you need to give the full path to the password file (for example /home/yoursite/public_html/directory/.htpasswd).

 

And you can add the username and password to the ‘.htpasswd’ file in this format:

username:password
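
An audit of the two files from this section, as an added example that is not part of the original tutorial. It flags an AuthUserFile that is not a full path or that sits inside the web-served directory, and .htpasswd entries whose password field is not a salted hash (Apache on Linux expects hashed entries, as written by its htpasswd tool). The document root, the users and the apr1 string are constructed assumptions.

```python
import posixpath
import re

# Prefixes written by Apache's htpasswd tool; other values are classified below.
HASH_PREFIXES = {"$2y$": "bcrypt", "$apr1$": "apr1-md5", "{SHA}": "sha1"}
# Shape of crypt(3) output; a 13-character plaintext also matches, both are flagged.
CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
WEAK = {"plaintext", "crypt", "sha1"}  # no hash at all, or unsalted/legacy hashes


def classify(secret):
    for prefix, name in HASH_PREFIXES.items():
        if secret.startswith(prefix):
            return name
    return "crypt" if CRYPT_RE.match(secret) else "plaintext"


def audit(htaccess, htpasswd, docroot):
    """Return a list of findings for the two files' contents (given as strings)."""
    findings = []
    root = posixpath.normpath(docroot)
    for raw in htaccess.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].lower() != "authuserfile":
            continue
        path = parts[1].strip().strip('"')
        if not path.startswith("/"):
            findings.append("AuthUserFile is not a full path: " + path)
        elif posixpath.normpath(path).startswith(root + "/"):
            findings.append("AuthUserFile is inside the document root: " + path)
    for raw in htpasswd.splitlines():
        user, sep, secret = raw.strip().partition(":")
        scheme = classify(secret)
        if sep and scheme in WEAK:
            findings.append(f"user '{user}' is stored as {scheme}")
    return findings


# Constructed sample input: the path is the tutorial's own example, the users
# and the apr1 string are made up (the string is a placeholder, not a real hash).
SAMPLE_HTACCESS = """AuthName "Members Area"
AuthType Basic
AuthUserFile /home/yoursite/public_html/directory/.htpasswd
Require valid-user
"""
SAMPLE_HTPASSWD = "alice:hunter2\nbob:$apr1$PLACEHLD$notARealHashValue000000\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTACCESS, SAMPLE_HTPASSWD, "/home/yoursite/public_html"):
        print(finding)
```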

 

Custom Error Pages:

 

You can show custom error pages using the .htaccess file. For your information, here are some of the common error numbers:

 

401 : Authorization Required
400 : Bad request
403 : Forbidden
404 : Not Found
500 : Internal Server Error

 

If you want to show a custom ‘page not found’ error, then add the following line to your .htaccess file:

ErrorDocument 404 /404custom.html

Here you can change the name ‘404custom.html’ to anything you like, and you need to host this file in the root directory (otherwise give the full address).

Other functions

 

You can disable directory listing by adding:

Options -Indexes

And you can deny IPs by adding:

deny from IP address

 

You may also have custom default pages by adding this:

DirectoryIndex index.php index.php5 myscript_page.pl index.html default.html

In this case, the server will recognise all these files – index.php, index.php5, myscript_page.pl, index.html and default.html – as index files.

 

You can redirect your users using .htaccess:

Redirect /full_path/fileold.html  http://www.yourwebsite2.com/file.html

 

And if you want to enable redirection for all files in a directory, then you can use:

Redirect /directory1 http://www.yourwebsite2.com/directory2

 

If you are getting any errors while adding the .htaccess file, then your webhost administrator will be the best person to contact.

(There are many hosting companies that are targeting gullible people by offering ‘unlimited’ packages which are good for nothing. Please read this entry before signing up for services from those companies.)


Comments (1)

 

  1. Globinch says:

    Neatly explained
