Apache and other web servers allow the web server administrator to make per-directory configuration modifications as a convenience to the web site operator. This is usually done in the form of .htaccess files. As a webmaster, an .htaccess file is very useful as it allows you to change the actual pre-set server configuration, normally only set by the server administrator, to the specific configuration needed for your web site.

The configuration lines in the .htaccess file are the same as the configuration lines in the server configuration. When you edit an .htaccess file, you are actually editing the configuration for the web server, though your configurations are localized to the directory in which the .htaccess file is placed.

Most hosting providers have liberal rules as to what you can put in your .htaccess files, allowing you to make any modifications you like. The most useful are listed below.

Errordocument

This line tells the server what page to send the viewer to when it encounters an error. The most common is a 404 error, which means the requested web page does not exist on the server. To setup an Errordocument command, use the following format:

Errordocument <error code> <url>

Example: Errordocument 404 http://www.yourdomain.com would send the viewer to your home page when they requested something that did not exist.

Other codes:

401 – This code is generated when someone tries to access a members’ area without a proper username & password. Note: You cannot put a domain on this error. It will not work. The url must be on the same website. Example: Errordocument 401 /error.html

403 – This code is generated when the user requests something that he or she cannot access. This is usually due to file permissions or a rewrite rule (explained in my “understanding rewrite” series of articles). Don’t confuse this error with 401 authorization error.

500 – Internal server error. This happens when a script does not execute properly.

I recommend that no other errordocuments are set. Other errors, such as 400 or 402, are rarely produced, and are normally done by a spider rather than a person.

Also, I recommend a separate page for each error, and that errors are not sent to home pages. Quite often, the errors are not produced by surfers you can get any revenue out of, so there is no reason to waste transfer.

User Authorization

AuthName “members area”
AuthType Basic
AuthUserFile /home/user/htpasswd
require valid-user

This set of lines makes a members’ area. The Authname line tells the browser what area to use this username for. For most webmasters, Authtype will always be basic. AuthUserFile points to the location of the password file for the members’ section. This file must be created first (out of scope for this article). Require valid-user tells the server to require that the viewer supply a username and password before viewing pages.

Rewrite Rules

Please read my upcoming articles on “Understanding Rewrite Rules.” Besides the above, this is the most common use for .htaccess files among webmasters. It is essential that a successful webmaster understand these commands.

Options

This configuration directive allows many modifications to the way your site is viewed. One of the following words is placed after the Options command. This changes the total actions of the directory, overriding anything placed in the configuration by the server administrator. For that reason, I’d recommend use the ‘+’ or ‘-‘ symbol before the action to specify that the action is added or removed from the current list of actions.

• Indexes – This tells the server to list the contents of a directory when the user requests a directory that does not contain an index file. Most webmasters forbid this, so the correct line would read: Options –Indexes
• ExecCGI – Allows the execution of cgi scripts.

Restrict or Deny Access

order allow, deny
allow from all
deny from 192.168.1.25

This set of code allows you to restrict access to the directory based on the user’s IP address or host name. The order command tells the server to look in the allow list first, and then look in the deny list. For example, if the address is listed to be allowed but also listed to be denied, it will be denied since that is checked last.

You can set as many allow or deny commands as you like. The allow or deny addresses can be full or partial ip addresses or domains. For example: deny from aol.com would disallow access from an address with aol.com in the address. For more info on this, look here: http://httpd.apache.org/docs/mod/mod_access.html

.htaccess is a highly useful convenience for webmasters and is important for the webmaster to understand fully. Please check back this month for much more information on the usage of .htaccess files.