HTACCESS is a file (.htaccess) that can be placed in any folder on your website to help control how and who can access content within that folder. There are many things you can do with an HTACCESS file such as adding password protection or block unwanted visitors. Here are 10 useful tricks that you can use to on your website.
1) If you have errors in your HTACCESS file, you can crash your entire website. To test or disable individual lines of code in the .htaccess file, place a # character at the beginning of the line you want to disable.
2) Blocking bots - Bots can be very useful and help you, but they can also harm your site and cost you money by increasing your bandwidth usage. Companies like Google use bots to surf the net to collect information for their search engine. Spammer use bots to collect email addresses. Here is a simple way to block individual bots:
BrowserMatchNoCase SpammerRobotNameHere bad_bot
Deny from env=bad_bot
To find the name of bots that are visiting your website, see your website's access logs and look at the User Agent names. Search Google for pages that list bot names.
3) Blocking Spam Bots - Some bots are designed to find and submit spam or harmful code to forms and scripts on your website. One way to do this is to limit what User Agents can POST to your website. In this example we are blocking three different bots known to submit spam to contact forms. Check your server access logs to identify bots being used to spam you.
SetEnvIfNoCase User-Agent .*Gecko.* bad_bot
SetEnvIfNoCase User-Agent .*FunWebProducts.* bad_bot
SetEnvIfNoCase User-Agent .*DigExt.* bad_bot
Allow from All
Deny from env=bad_bot
4) Redirecting - It is often necessary to move, remove or rename pages on your website. When you do this, it can cause people to receive 404 error if they have bookmarked the page or found it on a search engine. Here is a simple way to redirect them to the new URL.
redirect 301 /old-page-name.html http://www.completedomainname.com/new-page-name.html
5) Blocking IPs - It is sometimes necessary to block one or more IP addresses or domains from accessing your website. Reasons for this include blocking hackers, spammers and site leaches. In this example, we will block the IP address 126.96.36.199. Copy the "deny from" line for each IP address or domain that you want to block. Online Tool: countryipblocks.net
deny from 188.8.131.52
allow from all
6) Custom Error Docs - If you want to customize your error documents, you will need to let the server know where to find the error pages. There are many different error types, so you will need to create a different error documents for each error type that you want to customize.
ErrorDocument 401 /error_pages/401.php
ErrorDocument 403 /error_pages/403.php
ErrorDocument 404 /error_pages/404.php
ErrorDocument 500 /error_pages/500.php
7) Default Pages - When you go to a website, you don't use the page name (i.e. http://whiteboardstrategy.com/). The server automatically chooses a page to display to the visitor. Sometimes you may want to change which page the server chooses as the default page for a website or directory. In this example we will tell the server to look for index.html. If this file does not exist then load index.php then index.htm.
DirectoryIndex index.html index.php index.htm
8) Blocking Access to Specific Files - There are times when you want or need a file on your website, but you do not want visitors to access the file. For example, you may have a myaccess.log or .comment file that you want to block. The following example accounts of capitalization such as .ComMenT.
Deny from all
9) Turn off Globals - Global variables are a huge security risk. They can give hackers access to your web site and the entire web server. By default, most web hosts turn off access to global variables. If they have not, you should do it yourself like this:
php_value register_globals off
10) File Sizes - It is often useful to limit or increase the default limit of files being uploaded using PHP scripts. The following will increase the default limit of 2 MB to 12 MB. Files larger than this should not be uploaded using PHP scripts due to timeouts and connection errors common to HTTP requests.
php_value upload_max_filesize 12M
php_value post_max_size 12M