First, obivously, create an empty file named ".htaccess" and upload it to the root directory of your website. (The same folder that the front page of your website is in). The file has no "name" just an extension, ".htaccess"


To create your own error documents
Add the following to the .htaccess file replacing the italicized text with the exact path to, and filename of your error doc.

ErrorDocument 400 /path/to/document_name.html

You can also do this for other error types like so:

ErrorDocument 401 /path/to/document_name.html
ErrorDocument 403 /path/to/document_name.html
ErrorDocument 404 /path/to/document_name.html
ErrorDocument 500 /path/to/document_name.html
Error Types:
400: Request Error (browser header probs or the like)
401: Authorization Required
403: Forbidden
404: File Not Found (user asked for non-existant file)
500: Server Error (bad script or something of that nature)

Adding SSI for other extensions
Changing the italicized text to the extension you wish to add.

AddType text/html .shtml
AddHandler server-parsed .extension to add
Options Indexes FollowSymLinks Includes

Changing Directory Default Page
The following will make your webspace use index.shtml as the default page, if that is not found it will use index.html.

DirectoryIndex index.shtml index.html

Denying Users by IP
The first "deny from" line will block the single IP, the second will block the entire Class C IP block.

order allow,deny
deny from xxx.xxx.xxx.xxx
deny from xxx.xxx.xxx.
allow from all

Redirects
The first file must be absolute path from your webroot, the second must be a full URL.

Redirect /path/of/requested.file http://url.of.file/to/redirect.to

Prevent Hotlinking
To give the hotlinking site an empty image:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?mydomain.com/.*$ [NC]
RewriteRule .(gif|jpg)$ - [F]

To give them an alternate image:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?mydomain.com/.*$ [NC]
RewriteRule .(gif|jpg)$ http://www.mydomain.com/nasty.gif [R,L]

If the fourth line of both of these your will see "gif|jpg", you can change this and add whatever file types you don't want hotlinked to.

Don't Let People See Your .htaccess
Add this:


order allow,deny
deny from all


Password Protection of Directories
Put an .htaccess in the directory you want protected, then, put a file names ".htpasswd" in another directory (preferrably under the protected one) In the .htaccess add this:

AuthUserFile /export/home/yourname/www/whatever
AuthGroupFile /dev/null
AuthName MySite
AuthType Basic

The first line is the full server path to your htpasswd file.
The AuthName is the name of the area you want to access. It could anything, such as "MySite". You can change the name of this area to whatever you want, within reason.
Use AuthType Basic because we are using basic HTTP authentication.

And in .htpasswd put:

username:encrypted password

The username being the login name, and the password you can encrypt with this little web tool:
http://www.euronet.nl/~arnow/htpasswd/

To make html use php embedding:

AddType application/x-httpd-php .php .php4 .php3 .html .phtml

To add a new Index file:

DirectoryIndex

replace with a list of files you want treated as an index for example "default.html" or "index.php" or "index.pl"

I tried doing:


RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(www.)?doom3resource.net/.*$ [NC]

RewriteRule .(gif|jpg|png)$ http://www.doom3resource.net/images/stealing.gif [R,L]

But it prevents files from being loaded even when accessing them through my site.

Boy yeah, dont even get me started with htaccess stuff. I can lock down folders with the ensim cp interface, but if I ever try to do anything important with it i manage to break all kinds of stuff ;)

hi is something wrong with my browser? i dont see any italicized text in the first post :(.

hello lapchern

no...i dont think the text ever got italicized

view it now

Everybody should do this, especially for the 404 errors. Make a page that not only says there was an error, but include some links to the main parts of your site & your site map, if you have one.

Studies have shown that a lot of web users don't know how the address bar works. They don't realize they can simply edit the address there to get back to your home page, so they give up. Or they think the standard 404 message means your whole site is down or gone forever. Some of them try to use the browser Home button to get to your site's home page- if anyone knows how to pull that off, let me know!

If you rename an html file, it's easy to forget to update all the links on your pages to point to the new name. Even if you are good about doing that, you never know if some other site is linking to one of your pages rather than just your domain name or index.htm. I'd hate to have people follow a link to me, get a 404 error, & think my site is gone. Or worse, have the other site owner think my site is gone & remove their link.

I found another site linking to one of my pages, & my logs show about 1/3 of my visitors so far came from there, so I'm quite happy for that link. I have no idea how they found my site- I never heard of the other site til I did a search on my own domain name looking for links to it.

It wouldn't make sense for them to link to my main page, because my site is about flying, & theirs is about photos of places. I have some aerial shots of the Bahamas on a couple pages, which is what they link to.

Also, when you make your error pages, word them so it doesn't sound like it's the user's fault. A lot of users are still computerphobes who blame themselves every time something goes wrong.

php_value include_path ".:/usr/local/lib/php:/php/includes:/includes"


The above doesn't work. I'm trying to make it so I can include files that are in the /includes directory without having to specify the path - PHP will know to look in the /includes directory on its own. What did I do wrong?



<?php require("template.part1.php"); ?>

Originally posted by D9r@Dec 10 2003, 09:06 PM


php_value include_path ".:/usr/local/lib/php:/php/includes:/includes"


The above doesn't work.* I'm trying to make it so I can include files that are in the /includes directory without having to specify the path - PHP will know to look in the /includes directory on its own.* What did I do wrong?



<?php require("template.part1.php"); ?>


As an alternative, use ini_set("include_path", ".:/usr/local/lib/php:/php/includes:/includes");.

Also, you might want to change the code to .htaccess line to read:
php_value include_path ".:/usr/local/lib/php:/php/includes:./includes"

Or, you may need to specify the full path name to the includes directory. I assume it is not really at /includes, but rather under your htmlroot.

-Eugene

I found the solution last night (it's just what you said).

Used the full path from the root to the public directory, and added this line to the .htaccess file:


php_value include_path ".:/usr/local/lib/php:/home/(username)/domains/(domain.com)/public_html"

Now I just say

<?php require("includes/template.part1.php"); ?>
and it works regardless of what directory I'm in.

Password Protection

The root to .htpasswd using Direct Admin :

AuthUserFile /home/username/domains/domain.com/public_html/yourdirectory/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic

<Limit GET>
require valid-user
</Limit>

:lol:

Could an admin please make this a Sticky Topic so it's easy to find?
I had to go 4 pages back to find it.
And having it at the top will cut down on redundant threads regarding htaccess.

Thanks.

I take it the full path to the public directory is still:

/home/(username)/domains/(domain.com)/public_html

and I should set the path to the /includes/ directory like this:

php_value include_path ".:/home/(username)/domains/(domain.com)/public_html"

or is it important to have that other one in there as well:

php_value include_path ".:/usr/local/lib/php:/home/(username)/domains/(domain.com)/public_html"

How do you put comments in an .htaccess file? As follows?

# this is a comment
Do double slashes '//' not work then?

"Adding SSI for other extensions
Changing the italicized text to the extension you wish to add.

AddType text/html .shtml
AddHandler server-parsed .extension to add
Options Indexes FollowSymLinks Includes "

Is something supposed to be italicized there...?

-BlasTech

AddType text/html .shtml
AddHandler server-parsed .extension to add
Options Indexes FollowSymLinks Includes

Yeah, I think it's supposed to be the ".extension to add"

Change 'extension' and omit 'to add'

basic HTTP authentication - is it reasonably effective in keeping unauthorized users out? I have a couple of pages that must be absolutely secure.


Originally posted by Joe+Jan 13 2003, 10:54 PM--><div class='quotetop'>QUOTE(Joe @ Jan 13 2003, 10:54 PM)</div><div class='quotemain'># Don't Let People See Your .htaccess
# Add this:
order allow,deny
deny from all


# Password Protection of Directories
# Put an .htaccess in the directory you want protected,
# then, put a file named ".htpasswd" in another directory (preferrably under the protected one)

# In the .htaccess add this:
AuthUserFile /export/home/yourname/www/whatever
AuthGroupFile /dev/null
AuthName MySite
AuthType Basic

# The first line is the full server path to your htpasswd file.
# The AuthName is the name of the area you want to access. It could anything, such as "MySite".
# You can change the name of this area to whatever you want, within reason.
# Use AuthType Basic because we are using basic HTTP authentication.

# And in .htpasswd put:
username:encrypted password

# The username being the login name, and the password you can encrypt with this little web tool:
# http://www.euronet.nl/~arnow/htpasswd/


Quoted post
[/b]
and...<!--QuoteBegin-lokust@Jan 9 2004, 08:31 PM
Password Protection

# The root to .htpasswd using Direct Admin :
AuthUserFile /home/username/domains/domain.com/public_html/yourdirectory/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic

<Limit GET>
require valid-user
</Limit>


Quoted post
[/quote]

The built-in "Password Protect this directory" option in DA does what Joe outlined.

Originally posted by eugene@Jan 13 2005, 01:50 AM
The built-in "Password Protect this directory" option in DA does what Joe outlined.

Quoted post
I know, but I don't want to use a control panel. What fun is that? I want to do it myself. Thanks though.

Found my homework reading assignment:
Apache HTTP Server Version 1.3 >> Authentication, Authorization, and Access Control (http://httpd.apache.org/docs/howto/auth.html)

OK. It looks like HTTP Authentication is secure enough for certain situations, and a good technique to start out with. Later I can learn about the fancy stuff like ssl and sessions.

I'll begin with the plane-jane browser interface as described above. Once that's working I'd like to convert over to using a webpage form written in php. Does anyone here have code snippets for doing that? The PHP manual has some: http://us4.php.net/manual/en/features.http-auth.php

I want to protect my site from hotlinking (there's a bunch of MySpace/Xanga retards stealing my images), but when I use the .htaccess I made, some people tell me they can't see ANY images when they visit my site directly (even if they refresh, clear cache, etc.). Here's my current .htaccess file:

---cut here---
ErrorDocument 404 /404.shtml

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?hjo3.net/.*$ [NC]
RewriteRule .(gif|jpg)$ http://www.hjo3.net/404_hahaha.jpg [R,L]
---cut here---

Anything I'm doing wrong here?

Originally posted by hjo3@Jan 14 2005, 06:05 PM
Anything I'm doing wrong here?

Quoted post

Anyone?

Originally posted by Guest+Jan 16 2005, 01:03 PM--><div class='quotetop'>QUOTE(Guest @ Jan 16 2005, 01:03 PM)</div><div class='quotemain'><!--QuoteBegin-hjo3@Jan 14 2005, 06:05 PM
Anything I'm doing wrong here?

Quoted post

Anyone?

Quoted post
[/b][/quote]

Bueller?....... Bueller?.......Bueller? (http://www.idiotsavant.com/bueller/sounds.htm)

I don't fully understand the code, but here's what I use. It came from reliable sources at the HiveMinds web developer forum (http://hiveminds.info/).
# Prevent Hotlinking
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(.*\.)?freesquid\.org(/)?.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]

on some server your need to add this first:


Options +FollowSymlinks

Originally posted by dbmasters@Jan 16 2005, 04:35 PM
on some server your need to add this first:

Options +FollowSymlinks

Quoted post

I use a few other options as well:
Options -Indexes +FollowSymLinks +MultiViews +ExecCGI

Anyone know why addhandler does not work? The server gives a Bad Request errror.

Options +ExecCGI
DirectoryIndex index.pyhp index.html index.htm
AddType text/html .pyhp
AddHandler phyppage .pyhp
Action phyppage cgi-bin/pyhp.py
AddHandler cgi-script cgi py

Anyone know why addhandler does not work? The server gives a Bad Request errror.

Options +ExecCGI
DirectoryIndex index.pyhp index.html index.htm
AddType text/html .pyhp
AddHandler phyppage .pyhp
Action phyppage cgi-bin/pyhp.py
AddHandler cgi-script cgi py
Try adding a slash in front of cgi-bin in AddHandler:
Action phyppage /cgi-bin/pyhp.py

Hope it works.