.htaccess tips and tricks

.htaccess (hypertext access) is the default name of Apache’s directory-level configuration file. .htaccess is placed in a particular directory, and the directives in the .htaccess file apply to that directory, and all subdirectories thereof.

The most common use is to restrict access to a folder by forcing the user through a login prompt, but there are some other helpful things too, which I show you in this post.

Allow access only for the IP 127.0.0.1

order deny,allow
allow from 127.0.0.1
deny from all

Forbid access to files with extensions .bak, .sql, .inc.

<FilesMatch "\.(bak|sql|inc)$">
deny from all
</FilesMatch>

This line makes Apache run files with the “.txt” extension as PHP scripts.

AddType application/x-httpd-php .txt

Redirecting from the web folder “bla” to http://phpsecurity.wordpress.com/

Redirect /bla http://phpsecurity.wordpress.com/

You can use rewriting to make URLs easier to read. It is very handy for SEO and looks much friendlier to your visitors than long, cryptic-looking URLs.
In this example the URL can be http://example.org/de/ or http://example.org/en/; the rewrite engine captures the part in the brackets and passes the value “de” or “en” to index.php as the lang parameter.

RewriteEngine on
RewriteRule ^(de|en)/$ /test/index.php?lang=$1

Last but not least, set a password prompt on any directory you want.

On Linux you create a .htpasswd file with:

htpasswd -c /path_to_folder/.htpasswd username

Then you put these lines in your .htaccess:

AuthUserFile /path_to_folder/.htpasswd
AuthGroupFile /dev/null
AuthName "name"
AuthType Basic
# no <Limit GET> wrapper, so the login is required for every HTTP method, not only GET
require valid-user

If you have any problems with .htaccess and you have access to your server, look in the error log of your Apache server. You will find it in /var/log/apache2/error.log (depending on the system).
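An added example, not part of the original post: a small Python check that scans .htaccess text for three things that quietly weaken or break access rules of the kind shown here, namely typographic quotes pasted from a web page, access directives wrapped in `<Limit>` (which then bind only to the listed HTTP methods), and Apache 2.2 `Order`/`Allow`/`Deny` lines that Apache 2.4 replaces with `Require`. The function name, finding codes and sample input are assumptions made for this illustration.

```python
import re

# Typographic quotes that blog software substitutes for plain " and '
SMART_QUOTES = "\u201c\u201d\u2018\u2019"
# Directives that grant or deny access; inside <Limit> they bind only to the listed methods
ACCESS = re.compile(r"^(require|allow|deny|order)\b", re.I)
# Apache 2.2 access-control directives (mod_access_compat in 2.4)
LEGACY = re.compile(r"^(order|allow|deny)\b", re.I)

# Constructed sample: directives of the kind used in this post, with typical mistakes
SAMPLE = """\
AuthUserFile /path_to_folder/.htpasswd
AuthName \u201cname\u201d
AuthType Basic
<Limit GET>
require valid-user
</Limit>
order deny,allow
"""


def audit_htaccess(text):
    """Return a list of (line_number, code, message) findings for .htaccess text."""
    findings = []
    limit_methods = None  # methods of the enclosing <Limit ...>, or None outside one
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if any(q in line for q in SMART_QUOTES):
            findings.append((no, "smart-quote", "typographic quote; use plain ASCII quotes"))
        m = re.match(r"<Limit\s+([^>]+)>", line, re.I)  # does not match <LimitExcept>
        if m:
            limit_methods = m.group(1).split()
            continue
        if re.match(r"</Limit>", line, re.I):
            limit_methods = None
            continue
        if limit_methods is not None and ACCESS.match(line):
            findings.append((no, "limit-scope", "applies only to %s; other methods stay "
                             "unrestricted" % ",".join(limit_methods)))
        if LEGACY.match(line):
            findings.append((no, "legacy-acl", "Apache 2.2 syntax; Apache 2.4 uses Require"))
    return findings


if __name__ == "__main__":
    for no, code, message in audit_htaccess(SAMPLE):
        print("line %d [%s] %s" % (no, code, message))
```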

3 Comments so far

  1. [...] Check This Out! While looking through the blogosphere we stumbled on an interesting post today. Here’s a quick excerpt: .htaccess (hypertext access) is the default name of Apache’s directory-level configuration file. .htaccess is placed in a particular directory, and the directives in the .htaccess file apply to that directory, and all subdirectories … [...]

  2. music on January 7, 2008

    very interesting.
    i’m adding in RSS Reader

  3. [...] access with a .htaccess in your wp-admin/ folder. Take a look on an older posting http://phpsecurity.wordpress.com/2007/12/22/htaccess-tips-and-tricks/ where you find solutions for limiting by IP addresses and password [...]
