If you are planning on using the .shtml extension and would like to use SSI on your index page you must add another line of code into your .htaccess file;

DirectoryIndex index.shtml index.html

This line of code will allow your index file to be index.shtml and if it does not find one it will automatically check for a index.html.

Blocking Users By IP Address

If you were to need to block someone or a group of people from accessing your website it would be as simple as adding the following lines of code to your .htaccess file;

order allow,deny
deny from xxx.xxx.xxx.xxx
deny from xxx.xxx.xxx
allow from all

The first line sets the order of steps, the first step is to allow, then to deny.

The second line is the first line of denials, there can be as many as you require. This line will prevent anyone from IP address xxx.xxx.xxx.xxx from entering this directory (or website).

The third line will block everyone from an IP range, anyone at xxx.xxx.xxx.??? will be blocked, such as xxx.xxx.xxx.1, xxx.xxx.xxx.2 ... xxx.xxx.xxx.255.

The last line will allow everyone else to enter, however, if you chose to prevent everyone you could set this line to read;

deny from all

You may also allow or deny by domain name, such as;

deny from .purehost.com

This will prevent all users from this domain to be blocked, it also includes all sub-domains (such as username.purehost.com).

Changing Your Default Directory

If you have a problem setting your homepage to index.html you may want to look into using this piece of code in you .htaccess file;

DirectoryIndex filename.ext

What this will make happen is when someone accesses your website they will be directed to the filename listed instead of the typical index.html file. You can also setup priorities on this too, if you were to list multiple files it would check for the first one and if unable to find it, it would then move on to the second one and so forth.

For example;

DirectoryIndex danny.html index.pl home.php index.html

This would first check for the daniscool.html file and if unable to find it check for the index.pl file and if unable to locate it check for the home.php file and if unable to find it check for the index.html file. Once it has exhausted all of these then it would display a 404 error (hopefully you have already set up a custom one using your .htaccess file).

.htaccess Redirects

Although redirects can be coded through many different means, such as http-equiv, javascript, or any type of dynamic scripting it is typically more efficient to do it through a .htaccess file. The reason being that the coding for all your redirects can be done through a single file instead of having to add code to multiple files. This can save time, which ultimately can mean the difference between someone coming to your site and finding broken links or not seeing updated information.

htaccess uses redirect to look for any request for a specific page (or a non-specific location, though this can cause infinite loops) and if it finds that request, it forwards it to a new page you have specified:

Redirect /folder1/file1.html http://site.com/folder2/file2.html

Notice there are three separate yet required parts to this line of code. The first part is the Redirect command, this informs the browser that when a specific file or folder is accessed the browser is going to be redirected to a new location. The second part is the address of the file or folder you want to redirect from relative to your root directory. The third and final step is to indicate the file or folder that you want to redirect to, this should be indicated by the complete path to it.

As with most .htaccess commands all three sections of this are seperated by a single space but located on one line. This command will often be used if there are massive changes to a website, for instance you have created an entire new site, which is located in a separate folder. You would use the redirect command and specify the old folder and then specify the new folder.

Hiding Your .htaccess

Because your .htaccess file can often contain information that is very pertinent to your website or information that can be potentially a security risk it is always better to limit access to it as much as possible. If you have set incorrect permissions or if your server is not as secure as it could be, a browser has the potential to view an htaccess file through a standard web interface and thus compromise your site/server. This, of course, would be a bad thing. However, it is possible to prevent an htaccess file from being viewed in this manner:

order allow,deny
deny from all

The first line specifies that the file named .htaccess is having this rule applied to it. You could use this for other purposes as well if you get creative enough. If you use this in your htaccess file, a person trying to see that file would get returned (under most server configurations) a 403 error code. You can also set permissions for your htaccess file via CHMOD, which would also prevent this from happening, as an added measure of security: 644 or RW-R--R--.

Adding MIME Types

IF you are using a file extension that is not set on the servers, which can be a common occurrence with MP3 or even SWF files, you can specify what type of file it is by adding this line of code to your .htaccess file;

AddType application/x-shockwave-flash swf

AddType is specifying that you are adding a MIME type. The application string is the actual parameter of the MIME you are adding, and the final little bit is the default extension for the MIME type you just added, in our example this is swf for ShockWave File.

If you need to find the application string of the file you are adding most of them are located at filext.com. Also, if you want to have a file who?s extension is specified on the server to open with something and you would rather have that downloaded (for instance .xml) you can specify the application string as;

application/octet-stream

Preventing Hot Linking

Hot linking refers to someone outside of your website using the path to one of the images on your website. This is considered very rude for two major reasons; the first is that you may have spent many hours working on a particular image and do not want it used by someone else, and the second is that everytime someone accesses that other person?s page it uses your bandwidth. If the site were to have many visitors it could end up that your website actually goes down to bandwidth over usage.

Using .htaccess, you can disallow hot linking on your server, so those attempting to link to an image or CSS file on your site, for example, is either blocked (failed request, such as a broken image) or served a different content (for example a different picture) .

Here's how to disable hot linking of certain file types on your site, the case below takes into account images, JavaScript (js) and CSS (css) files on your site. Simply add the below code to your .htaccess file, and upload the file either to your root directory, or a particular subdirectory to localize the effect to just one section of your site;

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain.com/.*$ [NC]
RewriteRule \.(gif|jpg|js|css)$ - [F]

Be sure to replace "domain.com" with your own. The above code creates a failed request when hot linking of the specified file types occurs. In the case of images, a broken image is shown instead.

You can set up your .htaccess file to actually serve up different content when hot linking occurs. This is more commonly done with images, such as serving up an alternate image in place of the hot linked one. The code for this is;

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://www.domain.com/alternatepicture.gif [R,L]

About The Author

Justin Robinson
http://justincanada.net