How to Save Bandwidth with .htaccess

Question: My dynamic PHP-driven site is popular and is using a lot of bandwidth. What can I do to save that precious bandwidth?

Answer: Those of you who have to worry about bandwidth should really consider yourselves lucky. It means that your website has been more successful than the majority of others on the Web. Still, I sympathize a little with you, because bandwidth does cost money, and any sensible person will try to save money whenever possible.

With the combination of Apache and PHP, there is an easy way to cut your bandwidth usage nearly in half, and it’s very easy to do. I have not had a chance to test this, but according to corz.org, it only takes one .htaccess directive:

< ifmodule mod_php4.c>
php_value zlib.output_compression 16386
< /ifmodule>

Save that in an .htaccess file, and you are good to go. There are some limitations, particularly if your PHP installation is less than normal. You can read about them on the aforementioned site. Happy savings!

Photo Source: Flickr

Alternative Index Entries

Question: How do I configure my website to automatically go to a page other than index.***?

Answer: If your web hosting provider is hosting your site using Apache HTTP server, you can accomplish this very easily with an htaccess file. If you do not already have one, create a plain text file in your main web-accessible directory called .htaccess.

Next, use the DirectoryIndex directive followed by filenames you want to include. For example, if your server allows index.html index.htm and index.php but you want index.pl, enter on the first available line in the htaccess file:

DirectoryIndex index.html index.htm index.php index.pl

You can even specify a completely different word like “default.html” or “messageboard.php”. Just one simple line can go a long way in making your site feel the way you want it.

Photo Source: Flickr

How to Disable "Register Globals" in PHP

Many content management systems (CMS) like Joomla recommend users disable a PHP security feature called “register_globals”. The default setting for it is controlled by your server administrator. If you have a shared hosting account, however, you still might be able to override the default server settings.

To accomplish this, create an .htaccess file (or edit the one you already have), and add the following line:

php_flag register_globals off

The reverse is also true. You can change “off” to “on” to enable register_globals when it is off on your server. Unfortunately, your web hosting provider still holds the keys and can disable your ability even to override it. In that case, contact your host and find out if they can modify the settings for you.

Password Protecting Your Directories

Question: How do I password protect a directory on my website?

Answer: Many web hosting control panels offer a “password protect” feature for your directories. If not, there is a moderately easy way to do it with an Apache .htaccess file.

First, create an .htaccess file that looks like this:

AuthUserFile /home/yourname/.htpasswd
AuthName “Password Protected”
AuthType Basic
require user yourname

Replace “yourname” with your desired username. Next, you will need to create the .htpasswd file in the location you specified. This requires you to have an encrypted password entry:

username:encryptedpassword

Use the following form to create one: Htpasswd Generator.

How to block an IP address from your website

It is always important to check your website logs. Many web hosting providers will give you access to them, even if they do not tell you they do. In a virtual hosting account, there will be a log directory with Apache server logs. Among other things, it will tell you the IP addresses of your visitors.

Sometimes you have pesky visitors to your site who just do not get the hint. It may be someone who constantly leaves nasty posts on your message forum or someone with even more malicious intentions. Regardless of the reason, a simple htaccess file can help you tremendously. In the root directory of your website, make an .htaccess file or edit the current one, entering the following information:

order allow,deny
deny from 192.168.0.1
allow from all

You can change the “deny from” to any IP address, and you can add more than one “deny from” line. This will give someone coming from that IP address an access denied error.

Photo Source: Flickr

What is directory listing?

Question: What is “directory listing” and how do I enable/disable it?

Answer: On an Apache HTTP Server, directory listing refers to a directory on the server that does not have a default index file. The file is usually called index.html, index.htm, index.php, etc. That is the default page that visitors will see when they go to a directory on your website, such as www.yourdomain.you/directory.

If there is no index file, Apache can do one of two things: 1. display an error, forbidding the visitor from seeing the contents of the directory or 2. display a list of the directory contents. Your web hosting provider determines the default setting for directory listing, but you can control it in each directory using an .htaccess file.

Create a new file called .htaccess or open your current one in the directory you want to configure. Then simply add this line to disable directory listing:

Options -Indexes

or this line to enable it:

Options +Indexes

How to Redirect HTTP to HTTPS

Question: How do I force users to use the SSL version of a folder on my website?

Answer: With e-commerce websites it is very important to make sure your customers have a secure connection to your website. Nothing can be more damaging to a business than to have sensitive user information leaked to would-be attackers and cyber-criminals. While you can always make sure your links point to the SSL version of a particular page, user might still reach the page without the “https” protocol. Using a simple Apache rewrite rule, you can ensure that even if users go to http://www.yoursite.com/billing, they will be redirected to https://www.yoursite.com/billing.

In the directory you want to redirect, create an empty .htaccess file and add the following code:

RewriteEngine on
RewriteRule (.*) https://www.yoursite.com/billing/ [R=301,L]

That is all it takes. Now you will guarantee your users a secure experience whenever they access your site.

2 Ways to Redirect Your Website

Question: I want my website redirected to another site or page on my server. How do I setup automatic redirection?

Answer: There are many easy ways to redirect your website. Here are two commonly used methods.

1. .htaccess Redirect: Using an .htaccess file, you can instruct a visitor’s browser to any page on your website to look elsewhere for that page. This is useful because, in addition to redirecting the main page of your site, you can redirect any internal page to another.

In a previous post, we learned how to make error documents using .htaccess files. This uses the same principle but relies on the 301 Redirect code rather than a typical error code. It is quick and easy. Simply create an .htaccess file in the directory of the page you want to redirect. Then enter this on the first line:

Redirect 301 /oldpage.html http://www.example.com/newpage.html
Read More >>

Custom Error Documents With Apache

Question: I noticed other websites have flashy 404 Not Found pages instead of the standard boring Apache page. How do I create my own custom error documents?

Answer: Creating your own error documents is easier than you think. Just follow these simple steps.

1. Design your pages the way you normally would. Make one for each error you want to customize.

The most common are 404: File Not Found, 403: Forbidden, 500: Internal Server Error, 401: Authorization Requied, and 400: Bad Request. You can also take a look at a more extensive list of error codes.

2. Copy the error documents to a folder in a web accessible directory (i.e. public_html or something similar). For example, it could be /www/public_html/errordocs.

3. Create an .htaccess file in the main web accessible directory.

4. Enter your codes and their corresponding files in the .htaccess file:

ErrorDocument 400 /errordocs/400.htm
ErrorDocument 401 /errordocs/401.htm
ErrorDocument 403 /errordocs/403.htm
ErrorDocument 404 /errordocs/404.htm
ErrorDocument 500 /errordocs/500.htm

That is all it takes. Now any future errors will be redirected to your custom pages.

Photo: Flickr

Using .htaccess Files on Your Website

Question: What Is .htaccess and How Do I Use It?

Answer:

Apache HTTP Server by default is controlled by a single configuration file. On many Linux distributions, the file is called httpd.conf or something similar. If you have a shared hosting account, however, you do not have access to an Apache configuration file. Therefore, if you want Apache to behave a certain way when you are using it, you need to use .htaccess files.

The first thing to know about .htaccess files is that they are hidden. The period in front of the filename makes it a hidden file in Linux. When you type the command “ls” to list the files in a directory, you will not see hidden files. To view them, all you have to do is type “ls -a” which will show all files, including the hidden ones. If you do not have SSH access, you will need to configure your FTP client to see hidden files. The second thing to know about .htaccess is that the configuration options are virtually endless.

If you have a specific need for one, it is good to know how to find them. For example, with many content management systems, they use .htaccess files to create search engine-friendly URLs (i.e. changing index.php?2343546adf&thisandthat2343 to something like homepage.html). They usually provide the file as htaccess.txt. All you have to do is change it to .htaccess. You can do all sorts of things with .htaccess, from making custom Error 404 Not Found documents to setting up a password-protected directory. For an extensive tutorial of .htaccess features, see this site.