Have you ever wanted to create a directory to your website that is available for certain people? The options have proved frustrating for website owners who are faced with inadequate privacy options. If you have or are currently facing this dilemma, then htaccess is the key to your privacy questions.
Related Post:
Essential WordPress htaccess hacks
Htaccess proves safe with incredible privacy options
There are different ways to password protect portions of your website, such as language based options being PHP, ASP, PERL and on the client-based side, JavaScript. JavaScript is not as reliable as a server-side privacy option. A server-side challenge/response proves more reliable than a client-dependent challenge/response option. Htaccess is as safe as they come or need to be with providing privacy to portions of your website.
JavaScript Kits
If you are not comfortable with htaccess, you can always password protect your web pages in other ways with JavaScript Kits providing a plethora of password protection scripts at your service. Create a file and name it .htpasswd. In the file, store the encrypted username and password for people who are granted access.
Important note about htpasswd files
For security reasons, you should never upload the htpasswd file to directories that are accessible to the web. The file should be placed above the www root directory. You can always identify the areafor the file later. Ensure that you remember where you put the file. Write it down if you have to. The file should never be uploaded as a BINARY file. You should always upload the file as ASCII.
Create a new htaccess file with this code:
- AuthUserFile /usr/local/you/safedit/ .htpasswd
- AuthGroupFile / dev/null
- Authname EnterPassword
- AuthType Basic
- Require user wsabstract
Important note Explanation of the first line of code
The first line provides the full server path to the htpasswd file. If you have scripts on the server, you are probably already familiar with this task. Ensure that it is not a URL for this is a server path. If you putthe file (htaccess) in the root directory, it will password protect the entire website, which will prove to be a pain in the rear.
Explanation of the last line of code
The require user line is where you need to enter the usernames of everyone who is granted access to portions of the website. You should note that this will accept only the individual users to have access to that particular directory.This applies if you had anhtpasswd file that contained multiple users’setup in it and you wanted users to have access to a certain directory. If you want the whole list of users to have access to the directory, you should put “require valid-user” in the place of “Require userxx).
Deny/Allow directory browsing
When directory browsing is turned on, people who access your website URL with no pages or an index page can easily see folder lists and file lists. If you want to prevent access to the directory, simply put the following line into your .htaccess file. IndexIgnore*/*
Many companies by default deny directory browsing.If you need to enable directory browsing, place Options + Indexes in the .htaccess file.
Redirecting visitors from one directory/page to another
This proves simple. Please see the example below and put similar lines in your own .htaccessfile in the root folder and the code will do the rest. Please remember to use permanent keyword in line to tell the search engines that the old link has been moved to a new link. You can setup various redirects.
Syntax: Redirect permanent [old directory/file name] [space] [new directory/file name]
Redirect permanent /olddirectory /newdirectory Redirect permanent /olddirectory /somedirectory/newdirectory Redirect permanent /oldhtmlfile.htm /newhtmlfile.htm Redirect permanent /oldhtmlfile.htm http://your-domain
To prevent hotlinking of your website images
If your website contains images that other people are linking to with you left holding the bandwidth bill, use the following line:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER}^http://(www\.)?your-domain.com/.*$[NC]
RewriteRule .(gif|jpg)$ - [F]
Most hosting companies offer this feature in their control panels, such as CPanel. This will require the mod rewrite engine to be on in Apache on the web server.
Ensure that you change [your-domain] with YOUR domain name [without www], and instead of using (www.\), use your subdomain name (sub-domain.\)
Changing default index page of a site or directory
Hosting companies have index.htm, index.html, index.php, index.asp, default.asp, default.html as their default index page names in their web server settings. If your directory or site does not have a file name that matches a name from the above list, chances are, your visitors will see the file lists and folder lists, or they will not see anything. To change the default index page names for a site or directory, place the following line in the .htacessfile of the root folder or directory that you want to change the index page name.
DirectoryIndex homepage.htm
DirectoryIndex somepage.htm
If you need to have more names, place a space between file names and it will find the file names as index page names.This means if it locates a file matching names you supplied [in a given order] in .htacess, it will open the page as the index page for the directory.
You can also use the following line with different names:
DirectoryIndex homepage.htmlsomepage.htmlmyindexpage.htmlanything.html
Some good articles related to htaccess from the web
Beginners Guide to.htaccess File with Examples
This article is a contribution by Alfred Richards, Alfred is an online programmer with great experience and exceptional knowledge of online programming.
