Apache .htaccess tweaking tutorial
In this tutorial we are going to improve our website by tweaking out the .htaccess file. Why I wrote this article? Because on the net I have found many articles about this little beast, but every one of them dealt with a specific issue and not look at the overall usage of these files, or they are just too big when you need to do a thing in little time. So I'm trying to collect all the useful bits of data in a monolithic but slim tutorial, which will be updated as I collect more information. But first, let's see what .htaccess file is...
Here we have the definitions from Wikipedia:
.htaccess (Hypertext Access) is the default name of Apache's directory-level configuration file. It provides the ability to customize configuration directives defined in the main configuration file. The configuration directives need to be in .htaccess context and the user needs appropriate permissions.
Let's now deal with most common issues!
Tweaks Index
(Last updated 28th Feb 2006)
- Folders Access Control
- Folder Listing
- Enable Compression
- Hide your files
- Customized HTTP 404 error page
- Blocking bad referers - No hotlinking
- Blocking Bad Bots | Fetchers
- Do not show 'www'
- Hide scripting language extension
- Various Tips & Tricks
- Password Protection with htpasswd
- Enabling SSI
- Changing default page
- Avoid 500 error
- CheckSpelling directive
- Add MD5 Digest
- Sources
- Tools
1) Folders Access Control
You may want to totally disable access in one folder (for example, you have a directory with programming libraries that are included in your main files: in this case only the main files will access these trought the filesystem, but no one from the web should be able to open it). Well, just create an .htaccess file in that folder and put this in it
#deny all access
deny from all
If you'd like to allow access from one specific IP
#deny all access
deny from all
allow from 10.0.0.1
or from a specific IP range (which you enforce with a bit mask)
allow from 192.168.0.0/24
you can also block a specific file from access
<Files private.html>
Order allow,deny
Deny from all
</Files>
2) Folder Listing
If you want to make your folders browsable, then you should add this line in .htaccess file
Options +Indexes +MultiViews +FollowSymlinks
And this one if you have the appropriate module installed on your webserver
<ifmodule mod_autoindex.c>
IndexOptions FancyIndexing
</ifmodule>
You may want to prevent folder listing
IndexIgnore *
./ Back to Index
3) Enable Compression
You can enable PHP's built in data compression to save bandwidth
<ifModule mod_php4.c>
php_value zlib.output_compression 16386
</ifModule>
./ Back to Index
4) Hide your files
To disable access to a particular file you can use a regular expression and the Files directive to deny access to any file beginning with .ht
You can modify it to deny a specific file (like configuration files, robots.txt, log files and whatever you want)
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>
./ Back to Index
5) Customized HTTP 404 error page
If you'd like to redirect your visitors every time they catch into an HTTP 404 error, use this code:
ErrorDocument 404 /errors/notfound.html
This redirects the user to /errors/notfound.html whenever a 404 error happen. You can of course redefine also other http errors codes (403, 500... and so on). Read below what I've found here!
Tip: Internet Explorer has a lightly-documented “feature” that stops it from serving any custom 404 error page that is less than 512 bytes long. Your visitors will instead be sent to IE’s own 404 page (screenshot), which is generic and suggests they use an MSN search to “look for information on the Internet.” That’s one way to lose visitors! Make sure your custom 404 error page is over this limit — about 10 full lines of text and HTML should be enough.
6) Blocking bad referers - No hotlinking
If you want to block some parts of your site from any bad referer:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} example\.com [NC,OR]
RewriteCond %{HTTP_REFERER} otherexample\.com
RewriteRule .* - [F]
</ifModule>
Using rewrite engine, you will deny access to all your site from any visitor incoming from badguy.com or othernastywebsite.com
To prevent bandwidth stealing, you can also block access to particular files (images, zip, avi and so on)
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://([-a-z0-9]+\.)?example\.com[NC]
RewriteRule .*\.(zip|mp3|avi|wmv|mpg|mpeg)$ http://www.example.com/images/nohotlink.gif [R,NC,L]
</ifModule>
This says: "If the visitor is not coming from mywebsite.net, then redirect all requests for (zip,mp3,avi,wmv,mpg,mpeg) files to a nice image that says "NO HOTLINKING HERE". Got it? You can redirect to a page, or whatever you want, or you can modify the file extension list to include/exclude other files. CAUTION: when you decide to block image hotlinking, remember that you can potentially block ALL traffic outside your domain scope! For example, if you have a feedburner feed you have to modify the rule to let him get the images ... or you feed will look quite nasty!
./ Back to Index
7) Blocking Bad Bots | Fetchers
In some cases you want to block some nasty spiders or site downloaders. Then we have to use mod_rewrite again. Usually bad bots ignore robots.txt directive so you may want to enforce them to a 403 error whenever they try to spider or fetch your website
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:[email protected] [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule .* - [F]
</ifModule>
(List taken from here)
./ Back to Index
8) Do not show 'www'
To do this, you can usea simple rewrite rule
<IfModule mod_rewrite.c>
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{http_host} ^www\.example\.com[nc]
RewriteRule ^(.*)$ http://example.com/$1 [r=301,nc]
</IfModule>
Why removing www? You can read it here.
9) Hide scripting language extension
You can improve your security by changing script extensions so your visitors don't know what scripting language you are using:
# Make PHP code look like unknown types
AddType application/x-httpd-php .133t
This way the .133t files will be parsed as PHP files. You must rename your files with the new extension.
./ Back to Index
10) Various Tips & Tricks
- Keep .htaccess small: the file is processed by the webserver at EACH request (performance issues)
- Keep your .htaccess organized. Use comments (# lines) and keep it logically consistent. Is very difficult to understand a untidy .htaccess file once it grows in size
- When using URL rewriting rules, add the flag [L] to the rules that redirects the users to a last page (like no hotlinking rules and so on). You will tell the server to not process any more the rules (performance issues)
- Beware of inheritance: root level .htaccess files are applied also in folders, and any htaccess rule in the folder can override the root rules
11) Password Protection with htpasswd
This is useful if you want to add password protection to some pages/folders
- Create a .htpasswd file in the folder you want to protect
- The file will contain login data in the form username:password. Username is plain text. Password should be encrypted or it won't work! Use this tool to get your string to add
- If you create the file on your local pc, be sure to upload it on the webserver in ASCII mode
- Now you can modify your .htaccess file. The authentication will apply to the folder where you place it and its subfolders:
AuthUserFile /home/pathto/.htpasswd
AuthType Basic
AuthName "My Secret Folder"<LIMIT GET POST>
require valid-user
</LIMIT>
You can protect a single file by placing this into a <Files> directive. - Be sure to protect your .htaccess file from viewing using the 1) tip
12) Enabling SSI
Use this instructions to enable SSI parsing
AddType text/html .html
AddType text/html .shtml
AddHandler server-parsed .html
AddHandler server-parsed .shtml
13) Changing default page
You can use these instructions to change default page (order is important!)
DirectoryIndex home.html index.htm index.html index.php
14) Avoid 500 Error
By passing the charset you avoid the 500 error display
AddDefaultCharset utf-8
15) CheckSpelling directive
This directive can be useful to auto-correct simple spelling errors in the URL
<IfModule mod_speling.c>
CheckSpelling On
</IfModule>
16) Add MD5 Digest
If you aren't worried about performance issues, you can add a MD5 hash calculation to attach a MIC (Message Integrity Check) on each request. This is useful to check the integrity of the message.
ContentDigest On
A) Sources
- http://corz.org/serv/tricks/htaccess.php
- http://underscorebleach.net/jotsheet/2004/06/htaccess-prevent-hotlinking
- http://brainstormsandraves.com/archives/2005/10/09/htaccess/
- http://www.usphp.com/security.hiding.html
B) Tools
Similar Posts
- Apache mod_rewrite tweaks (72.7%)
- Peer to Peer: what next? (44.6%)
- Quick Tips - Installing JINI on Gentoo with NPTL (38.9%)
- 60 AJAX Tutorials (35.5%)
- Favicon dinamiche con AJAX e Javascript (32.4%)
Google+
Shared
Last comments
- Nicola D'Agostino » Mytech – A caccia del blog on BlogUniverso, Asimov, varie ed eventuali
- Top 40 Web Design Resources Sites on Apache .htaccess tweaking tutorial
- alistsirtaylor on Will Google+ beat Facebook?
- Vortexmind on Duxford Airshow – 8/9 September 2012
- .htaccess Kullanımı | on Apache .htaccess tweaking tutorial
Recent articles
- Warbirds Forum & Blog – Restyled
- Natural Selection 2 – #gorgeous update #ns2
- Autumn
- Duxford Airshow – 8/9 September 2012
- Incidenti diplomatici in Greco – Topa
Archive
Meta
Pages
Blogs
- +Blog
- Arrakis
- Ciscozine
- Fuffologia
- Funk On Web
- Jon Homepage
- My Vintage London
- Portagalera
- Sanbaldo
- Vittorio Strampelli
February 26th, 2006 - 15:53
Braddocchi, un uccellino mi ha detto che tradurrai l’intero articolo in italiano per rendere meno sbatti la lettura…………………………….VERO ????????
February 26th, 2006 - 16:22
Eh beh certo … ma che sbatto … dai non dirmi che non è comprensibile! Comunque SE ci saranno abbastanza richieste e SE qualcuno sarà cosi gentile da diggare l’articolo … potrei anche valutare la cosa. Se vedo che c’è interesse farò il possibile per accontentare tutti :D
February 26th, 2006 - 19:55
Bhe tra italiano e inglese per me rimane sempre più comodo l’italiano oh.
Che vordì diggare ?
Oh leggi l’email e facciamo scambio di icone ! yarf yarf yarf
February 26th, 2006 - 20:14
Clicca su diggare e capirai :)
February 26th, 2006 - 21:18
ti ho diggato!!!
February 26th, 2006 - 21:43
Very good. Thank you for this. I look forward to more updates.
Can I suggest more on the mod_rewrite as that tends to cause the most problems. A good one would be something about how to make your pages all appear to not have an exension.
February 26th, 2006 - 23:15
Good suggestions TW. Ah, I like your history site :)
February 27th, 2006 - 00:57
wow, finalmente un diggers italiano, bravo picciotto :D
February 27th, 2006 - 02:33
Very well written, a useful guide. Thanks.
February 27th, 2006 - 03:12
The following directive
require valid-user
is very very danger.
i’d be happy if you consider this.
February 27th, 2006 - 03:13
Thanks for this excellent guide! I wish I’d had this yesterday as I was trying to upgrade to WordPress 2…
February 27th, 2006 - 03:15
sorry but I want to write like this:
<LIMIT GET POST>
require valid-user
</LIMIT>
February 27th, 2006 - 03:58
Nice and all, but its faster to keep this all in the httpd.conf as using .htaccess will add another file accessed for every page load and that will add another disk seek.
February 27th, 2006 - 05:21
I have a fairly large .htaccess filled with rewrite rules, how would I go about moving them to my httpd.conf?
February 27th, 2006 - 06:40
Good summary.
For some reason the CheckSpelling directive causes ALL pages in my site to return a 500 error.
February 27th, 2006 - 07:11
Thanks for the feedback guys, I will get back to you as soon as possible :)
February 27th, 2006 - 09:16
Got a typo here:
<ifmodule mod_autoindex.c<February 27th, 2006 - 09:36
Very usefull!
maybe do you know, how to set .htaccess to
set password for specicic IP address only, and allow unrestricted access to whole Internet?
February 27th, 2006 - 12:25
Yes spaghetto ammeregano mai provogado e mo me te magno.
Quand you traducing estas guidas, baby ? I diggato you!
February 27th, 2006 - 15:25
Josh — Apache will throw a 500 error anytime it processes a .htaccess file with rules it doesn’t understand. Almost certainly what’s happening for you is that mod_speling (yes, that’s what it’s called — bad joke from the Apache team) isn’t compiled in your Apache, so it doesn’t recognize the request.
February 27th, 2006 - 15:35
That was really interesting! Thanks!
A great resource
February 27th, 2006 - 18:18
Josh & Matt R: you’re right, if the module is missing we have 500 error. So I’ve modified the tutorial … just adding a IfModule directive makes it portable even to servers without the module. Shame on Apache Group for spelling error :D
Another nice things to know about CheckSpelling (from Apache 2.0 Docs)
So … use it with caution!
Dan: I will try to do that :D
February 27th, 2006 - 22:47
In “Blocking Bad Bots” you end in:
RewriteRule ^.* - [F,L][L] is redundant when used with [F]. You can read more about the flags at the Apache Module mod_rewrite guide.
You can also remove the
^as you don’t need to start-anchor a wildcarded pattern. I would make the final code like this:RewriteRule .* - [F]Nitroburn is correct in stating that putting most of your htaccess code into httpd.conf is faster because it only has to load once during Apache startup, but it takes some tweaking if you are using virtual hosts. I block bad bots using one httpd.conf file for 40 virtual hosts (we host 40 or so web sites) instead of 40 separate .htaccess files.
You list each bot in a separate line. Writing each robot name on its own line is faster in httpd.conf, but slower in htaccess. htaccess will parse it faster (not by much) if you combine them into one line. There is an interesting article about this at Webmasterworld (see message #75).
February 27th, 2006 - 23:01
And consider that not all hosting plans let you modify httpd.conf
February 28th, 2006 - 12:03
great straight forward tutorial . thanks for the work.
March 3rd, 2006 - 05:31
Don’t limit the LIMITs. Remove the lines with LIMIT and /LIMIT. Almost every use of LIMIT is wrong, as is this one.
It’s amazing how much cargo-culting there is around this issue. Go read the Apache docs… they confirm what I’m saying.
March 15th, 2006 - 22:18
Well, I copied and pasted the exact code from here and it gives me this:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
I then included the line from your tutorial to get rid of the 500 error (which I think is the internal server error, correct?):
AddDefaultCharset utf-8
Hoping that would fix it, but still get the same error. I emailed my provider and they said mod_rewrite was definitely on. ANy ideas?
Thanks.
j.
March 15th, 2006 - 22:21
Oops, sorry meant to post the code that I used-it was the hotlinking code to block certain sites:
RewriteEngine on
RewriteCond %{HTTP_REFERER} myspace\.com [NC,OR]
RewriteCond %{HTTP_REFERER} xanga\.com
RewriteRule .* – [F]
J.
March 15th, 2006 - 22:32
Uhm, you should check out the logs of the webserver. In many cases there is a precise reason written there, even if the page shows a generic 500 error. Do you have access to log files or can you tell your provider to check out them?
March 16th, 2006 - 23:29
I’ll contact my provider about the logs. Thanks!
Oh, and after emailing them with the same code that I posted above, they told me what I was doing should work.
John
March 20th, 2006 - 07:33
Very helpful stuff! Great job!
April 5th, 2006 - 04:24
Thanks a lot for letting me translate it. You can find the Spanish version of this tutorial at: http://www.enespanol.com.ar/2006/04/03/tutorial-de-htaccess/
May 5th, 2006 - 13:19
complimenti per il lavoro…
May 26th, 2006 - 21:28
I don’t know what to name the file or where to place the file in my root directory to get any mistypes back to my main page.
if someong tyes in NewHotMusic.com/j
and ther is no j or anything that is undefined, I’d like the page to route back to the index…how do I save and where do I place your script?
ErrorDocument 404 /errors/notfound.html
May 27th, 2006 - 12:43
You have to create an .htaccess file in your root dir of the website, and then you must place that line in that file
May 31st, 2006 - 18:45
Thank you Vortex, your tutorial helped me a lot with my website http://www.portagalera.com !!!
May 31st, 2006 - 22:00
Yes, it helped me also on my website http://www.netwargamingitalia.net, thanks a lot !
*indicizz*, *indicizz*, *indicizz*, *indicizz*
( e qui ci va l’ASDone faccione a schermo intero )
July 21st, 2006 - 21:02
I used the hot-link prevention code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.atthewell.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.atthewell.com.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://atthewell.com/.*$ [NC]
RewriteRule .*\.(gif|jpg|wma|wmx|wax|asx|asf|rpm|rm|swf|mid)$ – [F]
It works to prevent gif and jpg, but allows wma, wmx, swf.
I tried adding the line last, but it gave my entire site a 500 error:
http://www.atthewell.com/audio/bandwidth_theft.jpg [R,NC,L]
Any help is appreciated.
September 1st, 2006 - 13:37
hi,
its very useful and excellent guide for me to learn some new things about url rewriting but i have faced some problem when i am trying to show my profile,i have given the url as below
http://www.i-netsolution.com/hariharan
pls guide me to do this!!!
November 29th, 2006 - 17:48
Hi! I setup SSL/TLS on apache 2.0.
Its working fine apache only listen on 443 port for incoming connections. My question is:
How to config apache , for example when user type http://www.dome.com to automatic redirect him to port 443 and https connection. Now when i use http://www.domain.com he dont display anything because apache don listen on 80.
Can you help me, please? Thanx :)
December 21st, 2006 - 20:52
Thank you Vortex, your tutorial is very good
January 5th, 2007 - 16:39
Nice article, very short and helpful.
You should add this site: this site as a source.. bye
January 9th, 2007 - 00:19
Hi VortexMind,
Great article, could use some help though.
I wish to protect a 200mb wmv video file (Im using for education purposes in my business) from being hotlinked and accessed “other” than from my own site (virtual hosted), hopefully without the need for someone to enter password etc. I can afford bandwidth on my own site, but not if others in my business nationally tap into my video. So far, I am successfull in preventing hotlinks (see code below) but if someone types in the direct URL they get access. They could frame that direct url and Im in trouble bandwidth cost wise. Please take a moment and look see what Im doing wrong or to make suggestions. Thanks again for all the great work you do to help others. God Bless.
.htaccess code saved (ascii file) in a subdirectory holding wmv and flv files
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?MyWebsiteURLhere.com(/)?.*$ [NC]
RewriteRule .*\.(gif|jpe?g|png|bmp|wmv|flv)$ [F,NC]
All the best,
MusicMan
January 9th, 2007 - 14:54
MusicMan: AFAIK you cannot do what you ask with htaccess file. If you want to restrict resource usage to some user group, you must authenticate them in some way before letting them access the resource.
January 9th, 2007 - 17:07
Thanks Vortexmind for your prompt reply. Please excuse my ignorance on the subject, but it just seems odd that if a webmaster wishes to only allow access to content from only their own website and not allow others to hotlink or page frame the content, they could only do so by means of using passwords. Maybe htaccess isnt the vehicle to accomplish the task at hand. I’m sure I am not the only one who has a need for such a request. I will continue on with my quest for answers and feel free to contact me anytime with suggestions.
All the best to you and your fellow bloggers.
MusicMan :PROgram:
January 9th, 2007 - 21:20
Found this tutorial very useful. My focus was a custom 404 page, which left me with a question. Is there a way to include users getting the custom page when they enter a .php extension? My custom page works fine as long as they’re looking for http://somepage.html, but if they enter http://somepage.php they get the standard IE 404 page not found response.
January 29th, 2007 - 17:15
I just downloaded Apache latest version on my windows xp platform.
I am trying to protect my website with username and password.
In the httpd.conf file I added line for my directory
…/htdocs/test
Allowoverride AuthConfig
order allow deny
options none
This is what is configured.
.htaccess file is created with
AuthConfig private
AuthAccessFile ……/password.txt ( eventhough I generated password using htpasswd changed it to password.txt file moved it ot another directory.)
…. basic
… require valid-user.
When I restart apache I get 403 error. Never get user prompt.
If I add one more line under my dir. in httpd file saying allow all, I can access my site without being prompted for username etc.
Can someone help me please?
Thanks,
RH
March 15th, 2007 - 06:22
Wow you sure have a lot of new info for me..
htaccess can be way overwhelming for a newbiw like me.. SO just wanted to say I appreciate your tutorial!
Have you seen this one?
http://www.askapache.com/2006/htaccess/htaccesselite-ultimate-htaccess-article.html
March 29th, 2007 - 17:34
Real cool one ! Thanks !!
April 10th, 2007 - 13:41
I am just trying to learn more about htaccess file and this is good info for me. I gather lot of info..