Htaccess - Part 2

In this part you’ll learn how to ban certain visitors from your site, automatically redirect visitors, disable hostlinking of images, password-protect your directories, among others. So let’s get started!

Note: If you haven’t read the first part of the tutorial, or you don’t know how to create the .htaccess file yet, I suggest you read the first part of the tutorial first.

Deny or Allow specific IP Addresses

There may be certain instances when you’d want to deny certain visitors to your site (spamming, rude behavior, etc.). As long as you know the visitor’s IP address, you can easily ban them from your site by adding this to your htaccess file:

order allow,deny
deny from 64.189.145.1
allow from all

assuming that 64.189.145.1 is the IP of the person you’re banning from your site. Edit the above IP address with the corresponding IP you wish to deny to your site. Take note, that will deny only the visitor with the IP you specified. Everybody else can still view your site.

If you want to deny a two or more IP addresses, you can just stack them one after the other, like so:

order allow,deny
deny from 64.189.145.1
deny from 23.456.789.32
deny from 204.158.369.21
allow from all

If you want to deny a whole chunk of similar IP addresses, try this code:

order allow,deny
deny from 64.189.145.
allow from all

The above will deny all users with an IP address of 64.189.145.1 to 64.189.145.255, or 255 IP addresses in all.

Another way is to ban a visitor from a certain domain in which they came from.

order allow,deny
deny from www.visitordomain.com
allow from all

Change the above domain to the domain from which you want to deny access to the domain your visitors came from. This will deny access to anyone coming from www.visitordomain.com but still allow everyone else to enter.

Redirection

You can automatically redirect visitors from an old section or file from your site to a new one by using the following code:

Redirect /home/yourlogin/public_html/olr_url/oldfile.html
 http://www.newurl.com/new/newfile.html

This will redirect anyone accessing oldfile.html to the new location of newfile.html. Note that the old location should always use the local UNIX path, while the new location can use both the local or full URL.

Protecting your htaccess file

Visitors cannot view your htaccess file by default, but you take one step further to ensure its security by adding this code:

<files .htaccess>
order allow,deny
deny from all
</files>

Preventing Hot Linking of Files

More and more net users are caught hot linking files and images from other people, which is a form of stealing since you are stealing the bandwidth which other people paid for. To prevent others from hot linking your files, use this code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://www.yourdomain.com/antihotlink.gif [R,L]

where antihotlink.gif is a default image displayed when someone tries to hotlink your files. You can add text to the image that says “Hot Linking is Stealing” or whatever you want it to say.

Specify the Administrator’s Email Address

Notice that when you view web pages with errors they always inform you that you can contact the administrator at a certain email address. To specify your own email address, use this code:

ServerAdmin youremail@yourdomain.com

Password Protection of Directories

With this function, you will need to create two files, your .htaccess file and .htpasswd file. The process to create your .htpasswd file is the same with the .htaccess file (see HTACCESS Tutorial Part 1).

First step is that you need to encrypt your desired password first. Go to htpasswd generator, input your desired password and it will generate your 13-character long encrypted password. (Note: The encryption method is different from the encryption method of PHP, therefore you cannot use your encrypted PHP password here). Let’s say your encrypted password is G4eTHop1XmaQk and your desired username is ‘john’ (w/o quotes). You should then copy and save the following code to your .htpasswd file:

john:G4eTHop1XmaQk

Then save the following code to your htaccess file:

AuthUserFile /home/local/path/to/.htpasswd
AuthName "Password Restricted Directory"
AuthType Basic
require john

Remember to change the AuthUserFile line to the local UNIX path where you’ve uploaded your .htpasswd file. Note also that all subdirectories within the password protected directory will now also be password protected.

Specifying a Default Index File

When a URL is requested through a browser, it automatically searches for an index file in that directory. If it doesn’t find one, it lists all the files in that directory. To specify a default index page for your site, copy the following code: