On any website using Linux website hosting, chances are good that you have the Apache web server software at your command, which puts you in charge of the most useful file on the Internet, the .htaccess file.
If you haven’t peeked into this file and learned what’s going on in there, you’re missing out on a powerful tool for disciplining your website (and unruly users!). You can edit it with any text editor – even Notepad! Below, a hint list:
Block directory listing:
“Options -Indexes”
What it does: Stops visitors from being able to view a directory in raw form. You might do this to prevent paid content being viewable for free, or for security reasons.
Block referrers:
After the line that says “RewriteEngine on” put:
“RewriteCond %{HTTP_REFERER} badplace\.com
RewriteRule .* – [F]”
What it does: Stops visitors who follow a link from a specific site. Usually you’ll want to do this to stop a referrer spammer.
Have a custom 404 page:
“ErrorDocument 404 /my404.html”
What it does: Lets you override the default ‘file not found’ page built into the web browser with your own custom page. This is great for catching the visitor so they don’t go away discouraged. Explain the error, and offer them a link to your home page, a directory listing, a search box, or even just a silly picture so at least they smiled.
Redirect URLs:
“Redirect permanent /oldfolder http://www.yoursite.com/newfolder”
What it does: Makes all calls to http://www.yoursite.com/oldfolder/index.html go to http://www.yoursite.com/newfolder/index.html instead. This is a common problem if, say, you changed a major part of your site and will have a bunch of incoming links getting lost if you don’t redirect them. This is also called a 301 redirect and can be set up the same way as the above,
ie: redirect 301 /oldfolder/index.html http://www.yoursite.com/newfolder/index.html
Stop image hotlinking:
After the line that says “RewriteEngine on” put:
“RewriteCond %{HTTP_REFERER} !^http://(www.)?your-domain.com/.*$ [NC]
RewriteRule \.(gifjpgpng)$ – [F]”
What it does: Prevents outside websites from embedding your images in their webpages. Stealing other people’s bandwidth is a huge Internet etiquette no-no, but some idiot out there never gets it. What this string actually says is: If the file is an image (ending in gif, jpg, png) and the link is not from my site, deny it.”
Block bad bots:
Again after the line that says “RewriteEngine on” put:
“RewriteCond %{HTTP_USER_AGENT} ^BadBot
RewriteRule ^.* – [F,L]”
What it does: Prevents visitors based on the user agent (the identifying string) instead of where they came from. You would only want to do this if you think some sort of automated program is crawling your site for some nefarious purpose, such as harvesting email, downloading content to steal, or just plain being a nuisance. You *don’t* want to do this to a legitimate site crawler like googlebot! That’s Google’s own site indexer.
Make PHP executable from any file:
“?AddType application/x-httpd-php .html .htm”
What it does: Allows you to include PHP in a file with any extension, not just .php. By default, Apache only calls the PHP engine for files ending in .php. A warning: You want to think twice about doing this with some forms – For instance, if you have a blog running PHP and a comment form on that blog, a scripting attack could be initiated by typing PHP code (along with other code, such as Javascript), into the comment form.
