One more thing I forgot to add: you should set the permissions to your .htaccess files (chmod) to 644 so the server can read them but not anyone else.
Exposing your .htaccess file imposes a serious security risk so be warned!

OK, here's a list of things you can do with them:
1. Password protect your folders
2. Rewrite your URLs (the infamous mod_rewrite) -- I'm not going to write about this since I have already written a post about this here.
3. Change the default error documents
4. Block and allow users by IP addresses
5. Block referrers
6. Block bots you don't like and/or offline browsers, site downloaders etc...
7. Prevent listing of directories
8. Add MIME types
9. Redirect pages
10. Stop people hotlinking your files
11. Enable SSI
12. Change your default pages

1. Password protecting your web folders

So, you've finally decided to write a love song for your girlfriend who works as a IT technician, so you thought putting it on your website might be romantic. But you don't want your friends see how you make a complete fool out of yourself.
Well, I have some good news and some bad news for you. The good news is, you can password protect your love song and send the access data to your girlfriend but the bad news is that you're still making a fool out yourself since it's not romantic at all.

You still want to do it? Wow, you're persistent. Well here's how to do it:
you have a site: www.yoursite.com
and you've decided to put the love song in:
www.yoursite.com/lovesong/
And you want it protected.
Create the subfolder lovesong in your public_html folder on the web server.
Create a .htaccess file with this content in the lovesong folder:

Code:

AuthUserFile /home/myaccount/safedirectory/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic

require user mydarling

The above code will produce a password protected directory which only your darling could access.
The first line specifies the direct path (not the URL) to the .htpasswd file which contains the username and the hashed password. If possible, put this file in a folder which can't be accessed over the Web (usually a folder called private/) -- a folder which is not contained in the public_html/ or www/ folder).
Now all you need to do is create the content for this file.
It should look like this:

Code:

username:hashedpassword

To hash the password you can use this tool.

Although there are lots of tools to do this on the net. This one is just an example.

The require user line specifies that only the user mydarling can access the content of the folder lovesong/.
If you have more than one girlfriends (you dirty dog! ), add their user data to the .htpasswd file and in your .htaccess file change the line:

Code:

require user mydarling

to

Code:

require user valid-user

This allows access to all authenticated users from the .htpasswd file.

Now upload your love song (or whatever you're trying to hide) to the lovesong/ sub folder and you're good to go (get the boot from the girlfriend).

Excellent tutorials, keep going

3. Changing error documents

So what's this? Well you must have seen HTTP errors from time to time. You know: "Error 404 - Not found" and stuff like that.
Instead of the default white pages with black text you can have flashy pages that go well with your design.
There's no real reason for doing this except the fact that it makes your website look more professional.
The usual errors you'll be creating new pages for are:
400 - Bad Request
401 - Authorization Required
403 - Forbidden
404 - Not Found
500 - Internal Server Error

There are more but this isn't a place or time to list them all and creating error pages for some isn't recommended (200 in example would create an infinite loop since it's a success code).

So first create your own custom error pages and give them names.
Put them all in one folder on your server, I'll use error/ in this example.
Add this to your .htaccess file (or create a new one if you don't have one already):

Code:

ErrorDocument 400 /error/400.html
ErrorDocument 401 /error/401.html
ErrorDocument 403 /error/403.html
ErrorDocument 404 /error/404.html
ErrorDocument 500 /error/500.html

You get the idea. Just be careful to get the names of your files right and you've done everything.

You can even specify HTML code in the htaccess file instead of linking to a file:

HTML Code:

ErrorDocument 404 "<body bgcolor=#FF0000><b>Not found!</b> But if you wait long enough someone might start looking for it. <img src="/smiley.gif" /></body>"

OK, you've now got custom error documents! You're way cool now!

4. Blocking and/or allowing IPs

Remember that (ex-)girlfriend of yours you wrote that love song for? Well, she ditched your ass but that's not all. Now she started spamming your site's forum, guestbook, blog. She's all over the place and you just don't have the time to delete her comments.
But you know she has a static IP. You're in luck!
Add these lines to your .htaccess file:

Code:

deny from 123.123.123.12

If her IP is 123.123.123.12 she won't be able to access your site.
You can also deny all users (even you) but the server will still be able to access the files in the folder:

Code:

deny from all

You can allow only certain users:

Code:

allow from 123.123.123.12

That's not enough?
Well you can ban or allow IP ranges. Let's say you want to ban all the users from 123.123.123.1 to 123.123.123.255
Do this:

Code:

deny from 123.123.123.

And you're set.

You can even allow or ban certain domains.
Example:

Code:

allow from www.ukwebmasterworld.com

Which would allow access to the part of your site from www.ukwebmasterworld.com

Your site is now safe from the old hag!

5. Blocking referrers

Blocking links to your site which come from one domain has numerous reasons and I'm not going to list them here. You have your own reasons and I respect them.

This is actually an update to the mod_rewrite setting. So you can only do this if you have the mod_rewrite module on your server.

This is what you write in your .htaccess:

Code:

RewriteEngine on
Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} siteyouareblocking\.com [NC]
RewriteRule .* - [F]

That will block the siteyouareblocking.com
To block multiple sites do this:

Code:

RewriteEngine on
Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} siteyouareblocking\.com [NC,OR]
RewriteCond %{HTTP_REFERER} anothersite\.com
RewriteRule .* - [F]

The [NC] makes the domain case insensitive.
The [F] in the RewriteRule is to show the 403 Forbidden error to those who go to your site via the blocked site.

Thanks for nice tutorial

MyWeb.com

can i show this above link to like this www.myweb.com/url/2345

if yes then how :d

Originally Posted by Alam

Thanks for nice tutorial

MyWeb.com

can i show this above link to like this www.myweb.com/url/2345

if yes then how :d

I've written about that as previously noted in this thread.
Take a look here:
http://forums.ukwebmasterworld.com/p...-tutorial.html

Thanks for your reply and want to know that I have visitied your indicated thread and happy for getting my result
You have done a good job for us :d