Beginners guide to .htaccess file with examples @ BlogHASH
.htaccess files provides us with ways to make configuration changes on a per-directory basis. This file works well in Apache Web Server and on Linux/Unix. Also, it works on Windows based system with Apache Web server.

There are several things that developers, site owners and webmasters can do by using .htaccess file. Let’s look at some of them:

* Prevent directory browsing
* Redirect visitors from one page or directory to another
* Password protection for directories
* Change the default index page of a directory
* Prevent hot-linking of images from your website

Since .htaccess file allows us to make changes on a per-directory basis, the following are valid places to put the .htaccess file in:

/.htaccess [placing in root folder of the site]
/content/.htaccess [placing in content folder]
/content/html/images/.htaccess [in the images folder]

:idea: Any command that you place in .htaccess file will affect it’s current directory where it is placed and also it’s sub-directories. You may put a .htaccess file in the root folder such that it will affect the whole site.

:idea: Make a backup of your .htaccess file [if you have any] before you attempt any of the settings mentioned in this article. I must not be held responsible for any consequences that arises due to editing your .htaccess file. ;)
Working with .htaccess files

For creating and editing purpose, a normal text editor such as notepad will do. Alternatively, you can download a free copy of PSPad for easy editing. To be able to see files in your FTP software, you must enable settings in your FTP client to see hidden files on the remote server [applicable to your system as well]. When done editing, you can save the file with double quotes in windows. [Save file as “.htaccess”]. This will save the file as .htaccess and will not prompt you for a file name as such. I think you have quite understood these instructions. Let’s move on to some common examples and usages of .htaccess file.
Allow/Deny Directory browsing

With directory browsing on, people when open a URL from your site with no index page or no pages at all, will see all its files and folders. To prevent such directory viewing, just place the following line in your .htaccess file.

IndexIgnore */*

Many hosting companies, by default deny directory browsing and having said that, just in case you need to enable directory browsing, place the following line in your .htaccess file.

Options Indexes
Redirect visitors from one page or directory to another

It’s quite simple. Look at the example lines below and place similar lines in your .htaccess file of the root folder and it will do the rest. [Remember to use permanent keyword in the line to tell the search engines that the old link has moved to the new link]
Syntax: Redirect permanent [old directory or file name][space][new directory or file name]

Redirect permanent /olddirectory /newdirectory
Redirect permanent /olddirectory /somedirectory/newdirectory
Redirect permanent /oldhtmlfile.htm /newhtmlfile.htm
Redirect permanent /oldhtmlfile.htm

All the above lines are valid. Just remember to replace the file/directory names with actual ones.

Change the default index page of a directory or site

Almost every hosting company will have index.htm, index.html, index.php, index.asp, default.asp, default.html as the default index page names in their web server settings. So, in case your site or directory does not has a file name which matches a name from the list above, chances are that your visitors will either see a list of all the files and folders [through directory browsing] or will not see anything at all. To change the default index page’s name for a directory or the site, place the following line in the .htaccess file of the root folder or the particular directory for which you want to change the index page’s name.

DirectoryIndex homepage.htm
DirectoryIndex somepage.htm

To have more names, put a space between file names and it will take into considerations all those file names as possible index page names. Which means, if it finds a filename matching a list of names you supplied [in the given order] in .htaccess, then it will open that page as the index page for the directory. The below line, with multiple names, is also a valid usage:

DirectoryIndex homapage.html somepage.html myindexpage.html anything.html

:idea: Remember, each entry must be in one line only.
Prevening hot-linking of images from your website

If your website contains images which people from other websites are linking to and you get charged for the extra bandwidth, then placing the following lines will prevent any such image hot-linking. Most of the hosting companies provide this feature in their control panel itself, such as CPanel. This trick requires mod_rewrite engine to be on in Apache on your web server.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?*$ [NC]
RewriteRule .(gif|jpg)$ – [F]

In the above code, replace [your-domain] with your actual domain name [without www]
Prevent access to your .htaccess file

This article would have remained incomplete without mentioning this trick. ;) To prevent visitors from viewing your .htaccess file, place the following lines in your file.
order allow,deny
deny from all

Presenting custom error pages

Use .htaccess file to present users with your custom pages for 401 [Authorization Required], 403 [Forbidden], 404 [not found] and 500 [Internal Server Error].

ErrorDocument < error-code > < location -of-custom-page>

ErrorDocument 401 /401.html
ErrorDocument 403 /403.html
ErrorDocument 404 /404.html
ErrorDocument 500 /500.html

:idea: You can include some script in your customized pages to automatically send an email to you whenever those pages are called for. This way you will be notified every time a user encounters 404, 500 and other error messages.

Redirecting[non-www] to

From a search engine optimization point of view, we will use permanent redirection such that every time a request for non-www domain is made, it’s redirected and returns a status code of 301 [Permanent Redirect].

RewriteEngine On
RewriteCond %{HTTP_HOST} ^YourSite\.com [nc]
RewriteRule (.*)$1 [R=301,L]

In the above lines, the first line tells the RewriteEngine to be On, second line mentions the Rewrite Condition and the last one is the rewrite rule.

Limiting Number of simultaneous connections

To limit the number of simultaneous connections to a directory or your entire site, use the below line. If you place it in a directory other than the root directory, then it will limit the connections to that directory and its sub-directories only. Placing it in htaccess file of root directory will implement it for entire site.

MaxClients < number-of-connections>

MaxClients 40
MaxClients 100

Allow/Disallow certain visitors from accessing your site

To accomplish it use the following lines. Look at the syntax first:

Order allow,deny
Deny from < incoming -address >
Allow from < incoming -address>

The first line [Order allow,deny] tells what should be done first. The second line tells about denying incoming-addresses [could be a single IP, an IP block, domain name and all] and third line tells about the incoming-addresses [could be a single IP, an IP block, domain name and all] those should be allowed. If second line has “Deny all”, then you should change the order of allow,deny in the first line to deny,allow.

To deny access to a single IP address and allow everyone else
Order allow,deny
Deny from
Allow from all

To deny a block of IP address and allow everyone else. [Notice the second line]
Order allow,deny
Deny from 100.100.100.
Allow from all

To deny a single IP address and allow everyone else. [Use it to block referrals from a specific domain]
Order allow,deny
Deny from
Allow from all

To deny everyone else but yourself. [Notice the order of allow,deny has changed in first line and also appending more “Allow from” lines at the end, which is valid]

Order deny,allow
Deny from all
Allow from < your-ip-address >
Allow from < another-ip-address>

Specify Administrator’s email address in error message

Using the line below in your htaccess file will display the conerned system administrator’s email address in the error messages. If you are not using custom pages for error messages, then this will help your visitors drop an email and let you know about problems.

ServerAdmin < a-valid-email-address>

ServerAdmin name(Replace this parenthesis with the @ sign)

That’s about it for now.

Also, a good reference source @ perishablepress: stupid htaccess tricks