Bluehost Web Hosting Help

.htaccess Tutorial

Summary

In this tutorial you will find out about the .htaccess file and the power it has to improve your website. Bluehost supports .htaccess files however as a customer you are responsible for what is in this file and how it changes your site.

Creating a .htaccess File

You can create a .htaccess file on your local computer or on the server.

On your computer:

Windows: Using Notepad save the file as .htaccess

Mac OS X: Using TextEdit save the file as ".htaccess"
Note: If you save the file as .htaccess it will be hidden and you will not be able to see it in the Finder.

Using your preferred FTP client upload the file to the server. The .htaccess file will need to be in the folder where your site is located, typically the public_html folder.

On the server

  1. Login to your cPanel Account
  2. Click the File Manager icon, located in the Files section.
  3. From the File Manger popup choose "Choose Hidden Files (dotfiles)."
    Note: If you do not see this popup you will need to click the "reset all interface settings" link at the bottom of the cPanel page.
  4. From the File Manager popup choose the folder you would like to open, most often the "Web Root (public_html/www)"
  5. Click the Go button.
    Note: If you are in the File Manager already you can add &showhidden=1 to the end of the URL.
  6. Click the New File icon to create a new file and name it .htaccess

Alternative Index Files

You may not always want to use index.htm or index.html as your index file for a directory, for example if you are using PHP files in your site, you may want index.php to be the index file for a directory. You are not limited to 'index' files though. Using .htaccess you can set foofoo.blah to be your index file if you want to!

Alternate index files are entered in a list. The server will work from left to right, checking to see if each file exists, if none of them exist it will display a directory listing (unless, of course, you have turned this off).

DirectoryIndex index.php index.php3 messagebrd.pl index.html index.htm

Custom Error Pages

You can customize your own, personal error pages (for example when a file is not found) instead of using Bluehost's error pages or not having an error page. This will make your site seem much more professional.

You can use custom error pages for any error as long as you know its number (like 404 for page not found) by adding the following to your .htaccess file:

ErrorDocument errornumber /file.html

For example if I had the file notfound.html in the root directory of my site and I wanted to use it for a 404 error I would use:

ErrorDocument 404 /notfound.html
If the error page is not in the root directory of your site, you can enter the path to the file:
ErrorDocument 500 /errorpages/500.html
These are some of the most common errors:
        401 - Authorization Required
        400 - Bad request
        403 - Forbidden
        500 - Internal Server Error
        404 - Wrong page
        

Stop a Directory Index From Being Shown

Sometimes, for one reason or another, you will have no index file in your directory. This will, of course, mean that if someone types the directory name into their browser, a full listing of all the files in that directory will be shown. This could be a security risk for your site.

To prevent against this (without creating lots of new 'index' files, you can enter a command into your .htaccess file to stop the directory list from being shown:

# disable directory browsing
        
        Options ExecCGI Includes IncludesNOEXEC SymLinksIfOwnerMatch -Indexes
        
        # enable directory browsing
        Options All +Indexes

Deny/Allow Certain IP Addresses

To only allow people with specific IP addresses to access your site (for example, only allowing people using a particular network to get into a certain directory) or you may want to ban certain IP addresses (for example, keeping disruptive members out of your message boards).This will only work if you know the IP addresses you would like to ban.

Please keep in mind that most ISP's use dynamic IP addresses, so this is not always the best way to limit/grant access.

Block an IP Address

#Deny List
        
        order allow,deny
        deny from 123.123.123.123 #specify a specific address
        deny from 123.123.123.123/30 #specify a subnet range
        deny from 123.123.* #specify an IP address wildcard
        allow from all

Allow an IP address

#Allow List
        
        order allow,deny
        allow from 123.123.123.123 #specify a specific address
        allow from 123.123.123.123/30 #specify a subnet range
        allow from 123.123.* #specify an IP address wildcard
        deny from all
        
Note: This will still allow scripts to use the files in the directory.

Redirection

There is a tool in the cPanel that can create the Redirects for you, please see How to create a Redirect

Redirect from a specific file to a new file

Example:

Redirect /redirect_from.html http://www.newsite.com/folder/redirect_to.html

In the above example, a file in the root directory called redirect_example.html is redirected to the URL http://www.newsite.com/folder/redirect_example.html
If the old file were in a subdirectory then you could use:

/subdirectory/redirect_from.html

WildCard Redirect / Redirecting from one folder to a new folder

Redirect /redirect_from http://www.newsite.com/redirect_to

Now any request to your site below /olddirectory will be redirected to the new site, with the extra information in the URL added on, for example if someone typed in:

http://www.example.com/redirect_from/images/image.gif

They would be redirected to:

http://www.newsite.com/redirect_to/images/image.gif

Redirecting (URL Rewriting) with Joomla

To enable URL Rewriting in Joomla you will need to copy and paste the following code into your .htaccess file.

        # For security reasons, Option followsymlinks cannot be overridden.
        #Options +FollowSymLinks
        Options +SymLinksIfOwnerMatch
        

Password Protection

One of the many uses of the .htaccess is being able to reliably password protect directories on websites.
Note: If you would like to use the cPanel tool to password protect your folders please see our article: Password Protect a folder on your website

The .htaccess File

Adding password protection to a directory using .htaccess takes two stages. The first part is to add the appropriate lines to your .htaccess file in the directory you would like to protect. Everything below this directory will be password protected:

AuthName "Section Name"
        AuthType Basic
        AuthUserFile /home/username/.htpasswds
        Require valid-user 

There are a few parts of this which you will need to change for your site. You should replace "Section Name" with the name of the part of the site you are protecting e.g. "Members Area".

The /home/username/.htpasswds should be changed to reflect the full server path to the .htpasswds file (more on this later). If you do not know what the full path to your webspace is, check your Bluehost cPanel. Look on the left "stats" column of the cPanel.

The .htpasswds File

Password protecting a directory takes a little more work than any of the other .htaccess functions because you must also create a file to contain the usernames and passwords which are allowed to access the site. These should be placed in a file which (by default) should be called .htpasswd. This can be placed anywhere within you website (as the passwords are encrypted) but it is advisable to store it outside the web root (in your home directory) so that it is impossible to access it from the web.

Entering Usernames And Passwords

Once you have created your .htpasswd file (you can do this in a standard text editor) you must enter the usernames and passwords to access the site. They should be entered as follows:

username:password

Where the password is the encrypted format of the password. There is a good username/password service at the KxS site which will allow you to enter the username and password and will output it in the correct format.

For multiple users, just add extra lines to your .htpasswd file in the same format as the first.

Accessing The Site

When you try to access a site which has been protected by .htaccess your browser will pop up a standard username/password dialog box. Alternatively you can send the username and password (unencrypted) in the URL as follows:

        http://username:password@www.website.com/directory/ 
        
Knowledgebase Article 1,104,163 views bookmark tags: htaccess tips tricks (updated 366 days ago)


Was this resource helpful?

Did this resolve your issue?


Please add any other comments or suggestions about this content:





Recommended Help Content

Knowledgebase Article

URL redirect/rewrite using the .htaccess file

How do I perform a URL redirect/rewrite using the .htaccess file? (updated 605 days ago)

Knowledgebase Article

Setting file and user permissions

Short tutorial on how to set file and user Permissions in cPanel. (updated 635 days ago)

Knowledgebase Article

How to fix ExecGCI in .htaccess

How to run CGI scripts for Addon domains. (updated 635 days ago)

Related Help Content

Knowledgebase Article

Optimizing WordPress

Tips and tricks to make your wordpress blog load faster (updated 428 days ago)

Knowledgebase Article

How to host the Primary Domain from a subfolder (.htaccess)

How do I make a sub directory (or sub folder) act as the public_html for your main domain? (updated 147 days ago)

Knowledgebase Article

Hotlink Protection Using mod_rewrite

Preventing bandwidth theft using the mod rewrite engine and .htaccess (updated 636 days ago)

Knowledgebase Article

FTP Setup Using Dreamweaver 8

How do I setup Dreamweaver 8 for FTP? (updated 663 days ago)

Knowledgebase Article

Right-Click Image Protection

How can I protect the images on my website? (updated 982 days ago)

Knowledgebase Article

Password Protect a File

How do I Password Protect a single file on my website? (updated 628 days ago)

Knowledgebase Article

Must I restart Apache after changing a htaccess file?

Hard refresh after changing the .htaccess (updated 429 days ago)

Knowledgebase Article

Cron Jobs with PHP and other File Types

This article will explain how to run php and other file types using Cron jobs. (updated 427 days ago)