.Htaccess

A .htaccess file is a file that works on Apache and other NCSA-compliant webservers. The name is actually a bit of a misnomer due to the fact that hyper-text access is only a small function of what it's capabilities are. The .htaccess file affects the directory it is located in and all directories below it on the directory tree unless there is a .htaccess file contained within a directory, in which case it will take priority for that directory and all directories located below it in tree. Thus if a .htaccess file is contained within the root directory it will affect all directories on the webserver. The basics are as follows. The .htaccess file is an ASCII (American Standard Code for Information Interchange), these files are most easily generated through notepad or anything that can type in simple text format. One of the most common questions about .htaccess files are what to name them, unfortunately they can have no name, and the extension (although uncommon) really is 8 characters long. Creating the file is somewhat tricky because programs like Windows Operating System will not allow you to have a file wih no name and only an extension. In order to get around this what you must do is name the file whatever you would like and after it has been uploaded to the server rename it to .htaccess. At this point however the file will become invisible to browsers and ftp clients (although it can still be navigated to and the contents of it viewed), this is due to the fact that any file with a period at the beginning of it's name is considered a hidden file. When uploading the .htaccess file it is very important to make sure that you upload it as ASCII and not as binary. Also when it has been uploaded there are a few precautions you take to prevent it from being read by a browser, one is to CHMOD it's permissions to 644 (or RW-R--R--). The other's will be covered later on in more detail. Due to the nature of the information stored in the .htaccess file it is usually of the utmost importance to keep it secure. When creating a .htaccess file for the first time there is one quick note to keep in mind, this is that most commands are typically meant to be placed on one line, so if you are using a text editor which has the word wrap feature it may be in your best interest to turn it off as this can input syntax that Apache does not understand and will cause your scripts to fail. Also note that .htaccess files will not work on a NT or Windows platform, there are various other methods of accomplishing the tasks that .htaccess provides, but none that are bundled together in such a nice little package. .htaccess files are not globally accepted. Due to the fact that they can be used for security that can become very serious security holes. Due to this some webhosting companies have either limited the use of .htaccess or removed it all together. Before you take the time to create a .htaccess file or series of them you should always know what you can and cannot do. Custom Error Pages / Request Pages There are various client requests and error pages that can happen when someone is navigating a website. A brief list of them is as follows; 200 - Okay 201 - Created 202 - Accepted 203 - Non-Authorative Information 204 - No Content 205 - Reset Content 206 - Partial Content 400 - Bad Request 401 - Authorization Required 402 - Payment Required 403 - Forbidden 404 - Not Found 405 - Method Not Allowed 406 - Not Acceptable 407 - Proxy Authentication Required 408 - Request Timed Out 409 - Conflicting Request 410 - Gone 411 - Content Length Required 412 - Precondition Failed 413 - Request Entity Too Long 414 - Request URI Too Long 415 - Unsupported Media Type On this list I have included some good and some bad things that custom pages could be set up for in a .htaccess file. For instance if you set up a customer page for the 200 request everytime someone successfully typed in a URL or accessed your website and it was successfully bringing up a page then it would refresh to the page you specified in the .htaccess file, as soon as it was successfully brought up it would then redirect back to the page specified in the .htaccess file, and so on infinitely. This would be an example of a bad way to use this feature. However, if you were to set it up for error 404 then when someone typed in an incorrect url or a link to a page has become outdated then someone could be redirected to a nice professional looking page which could also be useful and provide links back to your mainpage or to a help section within your website. The coding used to within a .htaccess file to redirect upon the completion of a request or error is as follows (and only goes on a single line); ErrorDocument code /directory/filename.ext For instance this could look like; ErrorDocument 404 /errors/404.html This would redirect anyone who got a 404 error on my website to a folder called errors and then to a file named 404.html. You also have the ability to add html to the .htaccess file for these, for instance you could add; ErrorDocument 404 " The page you are requesting is not here, please use your back button to return. Notice that there are quotation marks before the html code but not at the end of it. This is as it should be for the Apache to read it correctly. Also make sure that it is all on one line so turn off your wordwrap when inputting it. Password Protecting Folders In order to password protect any directory you will require two files, .htaccess file and a .htpasswd file. The naming convention is identical to the .htaccess file. Within the .htpasswd you will need to put in the username and password (although the password must be encrypted) you would like to use, for instance, if we use the username of username and the password of password it would look like this. username:66yGQHg8KA7jw In order to encrypt a password you can go to