Maxi Website Hosting FAQ
What is .htaccess?  What is it used for?

 

 

1. What are .htaccess files?

An .htaccess file is a special file that provides specific control over the functioning of an Apache web server. The server already has it's basic settings, but using .htaccess files lets you control specific things in specific places, overriding the server's normal settings. These files only affect people viewing your site with a web browser, not when you connect via FTP.

An .htaccess file is simply a plain text file. Each directory can have a .htaccess file in it, each defining different things. An .htaccess file in one directory affects all the subdirectories below it, unless limited with tags or another .htaccess file in a subdirectory that specifically overrides the one above it.

.htaccess files must be spelled in lowercase letters. .HTAccess is not the same thing. .htaccess is the file extension. It is not file.htaccess or somepage.htaccess, it is simply named .htacces

top of page

 

2. Why does .htaccess file start with a . ?

This is not specific to .htaccess files. Any file in Unix that starts with a "." is considered a hidden file. In a normal directory listing, you won't see those files listed, because normally, they are files you don't need to see all the time, but files that need to be there, so Unix hides them.

Some FTP applications have "Show Hidden Files" command to show all the hidden files. Just because you can't see it, however, doesn't mean the file isn't there.

 

 

3. How do I delete an .htaccess file?
As you may have noticed, you can't normally see the .htaccess file in the directory listing in your FTP application. If your FTP application does not have a "Show Hidden Files" command, or it doesn't work , you can delete the file doing one of two things.

If your FTP application has a quote command, you can type in commands to the server (same for those using command-line FTP programs). Select the quote command and type (whichever works):

del .htaccess
or
site del .htaccess
The other way is to just upload a new .htaccess file with nothing in it to overwrite the old one, which works just as well.

Of course, keep in mind this works for any "." hidden files, so be careful what you delete. With Unix-based machines, there may be a number of important hidden files laying around. Just be careful what you delete.

 

 

4. How do I limit access to certain directories?

Access control is controlling who can see what files in your account. You can block or allow access to certain files or whole directories of files in a number of ways, depending on what you need. If you want to limit access with the use of passwords, see the next section.

The main uses of access control is to block or allow only people that are browsing your pages from specific IP addresses, subnets, host names and entire domains.

One reason you might want to do this is if you have someone that won't stop leaving you offensive comments in your guestbook. You can find out the user's IP address or host name by adding the right code to the guestbook script and then use that to block the user from accessing the guestbook form, or the entire site. Another use would be to allow all people that are members of a specific domain, for example, to have an AOL-only site which only allows users of AOL to see it.

Simply define who can view the site or who can't, as in the following example:

order allow,deny
allow from all

# block a specific IP address
deny from 123.123.123.123

# block a subnet, e.g. 123.234.56.0 through 123.234.56.255
deny from 123.234.56.

# block a specific host name
deny from machine.domain.com

# block a given domain name:
deny from .otherdomain.com

The first line tells the server which order to evaluate the directives. For "order allow,deny", any "deny" directives override the "allow" directives. For "order deny,allow", any "allow" directives override the "deny" directives. NOTE: Do not put a space between the allow and deny directives in the order statement.

The second line tells the server that anyone can view the site.

The rest of the lines tell the server who can't view the site.

In this case, anyone can see the site, unless they are coming from the specified addresses or domains in the "deny" directives.

You can hide the entire directory with an .htaccess file that contains this:

order deny,allow
deny from all

 

 

Helene Solinga

Maxi Website Hosting
P.O. Box 709
Putnam Valley, NY  10579