.htaccess - Its uses and more!

By: , September 18, 2007 | Starting Tips For Webmasters

.htaccess is a special file you can upload to your web site to provide various types of protection for your web site. Note that no .htaccess based protection is truly secure.

By Web Gems Hosting


.htaccess is a special file you can upload to your web site to provide various types of protection for your web site. Note that no .htaccess based protection is truly secure. To really secure a particular section of your site, ask us about Strongbox.

.htaccess info for Netscape servers
.htaccess files aren't supported by the Netscape servers, but the Netscape servers do support ".nsconfig" files, which do much the same thing in a slightly different fashion. Use the link above to find out more.

Basic requirements of .htaccess

Unix (Linux) required
To use .htaccess, you'll need to be on a server running Linux or some other Unix like operating system, such as FreeBSD, and using server software such as Apache or another server that supports it. In other words, you can't use it with Windows NT or other Microsoft OSs. But then again, you really don't want to be hosted on NT anyway, Linux & Apache make a much better web server anyway. {;~)

Lastly, you'll need to be on a host that allows you to use .htaccess to accomplish whatever task you wish to accomplish. Different hosts have different rules, which they enforce using something called "the AllowOverrides directive". So if something listed here doesn't work for you, first check your syntax carefully, then double check that you are follow the instructions listed below regarding naming and uploading the file properly. If you are using this information on a site hosted somewhere besides Webgems, your host may not allow you to use .htaccess for these kinds of things. The instructions on this page will work for 95% of all web hosts, so if you're host doesn't allow you to do these things consider switching to a better host, like Web Gems Hosting.

Name and upload the file properly
No matter what you're using .htaccess for, be careful to be sure that you have named the file .htaccess . Not .htaccess.txt or htaccess, this is a common error. When using windows the easiest way to make sure that Notepad or another program doesn't add the .txt extension is to quote the file name in the Save As dialog, as such: ".htaccess".

Next you need to make sure the file is uploaded to the server in ASCII mode. Your FTP client probably has a check box that allows you to choose either ASCII, binary, or automatic. This is the most common problem.

The protected directory
.htacess files affect the directory in which they are located and the sub-directories of that directory. (note - a directory is the same as a Windows "folder") Therefore, webmasters normally use a "members" directory for anything they want to protect, with an "images" sub-directory inside that. You then put any samples or other "unprotected" items in a different directory. For example, the public area URL would be:


While the Members area URLs could be:

and www.yourdomain.com/members/images/pic1.jpg

Protect a directory from hotlinkers & bookmarks

This .htaccess technique keeps other sites from "stealing" your content by using a tag such as <img src="http://yourdomain.com/pic1.jpg"> It also keeps them from providing a direct link to your content pages.

First, be sure to set up your "members" directory as explained above. Be sure that view this page full screen so the line breaks don't mess up. Then open Notepad and paste in the following code, adjusting the domain names:

Of course, where it says "your-site.com", you need to replace that part with the domain name of your site. The optional line that ends with !^$ works around poorly designed "personal privacy" software that the user may have installed. Some of this software may block something called the "referer header" which tells us which site the image is being linked from. Including the line means that users who have the header blocked can see the image even if it's linked from someone elses site. Leaving that line out makes it so that these users won't see the image even on your site.

Then FTP this file into your members directory, naming it ".htaccess" Notice the dot ( . ) in the name. Some people mistakenly leave it off.

Other people mistakenly call it members.htaccess or something. Don't do that. It just called ".htaccess" When you FTP it, make sure to set your FTP program to send it in ASCII or TEXT mode.

Protecting images only, without a "members" directory

This variation on the above setup protects your images from being included in someone elses page, without requiring them to be in a special "protected" directory. See the section immediately above about how to name and upload the file. The contents of the file should be:

Referrer protection with video clips or JavaScript

Video players such as Microsoft media player do not properly pass the HTTP_REFERER variable used above. JavaScript based menus suffer from the same problem. Therefore, neither are not compatible with the .htaccess configurations described above.

If you're using JavaScript menus, you can simply switch over to cgi based menus instead, or you can use either of the techniques that you use for video clips. Email us for help with cgi based menus. If you have video clips on your site such as mpg, avi, or RealVideo, you have two choices, allow the null referer, or use a cookie. To allow a null referer, you'll add one line, so it'll look like this:

That's it for the null referer method, you're done. Unfortunately, that also allows people to bookmark the page. Not really a problem on regular AVS sites, but many Gold AVS webmasters don't want people bookmarking.

To prevent bookmarking, you can use a cookie to determine if they logged in through the AVS script. Add this line to your .htaccess instead:

So now your .htaccess looks like this:

You need some javascript to set the cookie. Paste the foillowing javascript into the section of your first protected page: (Often www.you.com/members/index.html)

Your site is now protected.

Require passwords to enter a certain area

Here is the .htaccess code to require passwords:

You'll probably need some type of script to manage the actual password list,
unless you only want one person to be able to enter, such as an admin page.
To manage passwords for many users, contact us at support@webgemshosting.com for script setup pricing.

Redirect all 404 not found and other errors to a page of your choosing

404 errors are generated when users try to go to a page that doesn't exist, like a typo in the url. By default, these errors cause a plain, ugly page to be shown to the user. To redirect a 404 or other error, add the .htaccess code below, substituting the url of the page you want the user to be redirected to.

ErrorDocument 404 http://www.domain.com/pagemissing.htm
ErrorDocument 500 /errors/cgierror.htm
ErrorDocument 401 /errors/needpassword.htm

Other common codes you can set up custom pages for include 401 (you need a password), 403 (you're not allowed to see this page), and 500 (a cgi script somehow didn't work right).

Note the two kinds of URLs. You can use either a full URL (starting with http://) to redirect to a different site, or use just the path to display a page on your site. It is always preferable to use the second form, the local path. For redirecting 401 errors, you should always use the local path, NEVER a full URL.

Ban certain IPs from accessing your site, or only allow certain IPs

Allow only certain users from certain ISPs to access:

Block certain users from certain ISPs:

For more extensive .htaccess information, use the NCSA authentication tutorial This mosaic tutorial includes step by step basic by-password authentication, info on multiple usernames & passwords, it has examples, and general information.

Web Gems Hosting offers Data Class Dedicated, Shared and Co-Location services. Our facilities include generator back-up, 24/7 security/access control, redundant bandwidth, 99.999% uptime and 24/7 service. Web Gems is housed in one of the leading network-neutral data centers in the South Florida area. Experience the quality, performance and value that Web Gems brings to the Internet hosting arena.

Share this article:

Featured Articles

Opportunities for Mobile Promotions

The mobile market is undisputedly becoming an integral part of the marketing mix and for many marketers presents abundant opportunities to reach consumers. As adoption of mobile internet continues to increase, so do consumer’s expectations...

Read More
Blame Television For Everything That's Wrong In Your World

Feeling a little out of sorts lately? Not accomplishing your life's goals? Fatter and balder than you wish you were? Don't worry, it's not your fault! You can blame everything that's wrong in your world on.... TELEVISION!

Read More
Providing Anonymity Through Virtual Cash

uKash.com provides a paypal type payment solution for your adult website.

Read More
Cinemix Affiliate Program

Read about a new adult affiliate progam from Sweden called cinemix.

Read More
The "411" on PDA Porn

Pocket-xxx.com offers the background and the essentials for turning your adult site on to the wireless web. A MUST READ for Amateur Webmasters.

Read More

Privacy Policy


©1994-2012 Adult Chamber Webmaster Resources. All rights reserved.

Business Services

Web Design
Print Design