Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

Using the .htaccess file to help secure your website and also block IPs
13-07-2010, 01:01 PM (This post was last modified: 08-09-2010 06:42 PM by howtothings.)
Post: #1
Using the .htaccess file to help secure your website and also block IPs
In this tutorial i'll be showing you how to secure your website(s) and a few other tricks using the .htaccess file.

What we'll be covering

1. URL Redirection
2. Custom error pages
3. Protecting folders and directories
4. Blocking specific users from your site
5. Set server time zone
6. Stopping script execution
7. Securing your .htaccess

What is .htaccess?
On an Apache server, .htaccess (hypertext access) is the default name for the directory-level configuration file that allows for decentralized management of a web server's configuration. The .htaccess file is able to override a subset of the server's global configuration; the extent of this subset is defined by the web server administrator.

URL Redirection

We'll start of with an easy one, how to redirect a web page.


Redirect [URL to redirect] [URL to redirect to]


Redirect /old/file.html

Protecting Folders/Directories

This again is simple yet effective.

SYNTAX - (For a single file)

<Files secure.php>
AuthType Basic
AuthName “Password Required”
AuthUserFile /home/path/.htpasswd
Require valid-user

SYNTAX - (For a directory)

To password protect a directory, you need to create two files in the directory you wish to password protect.

One needs to be called ".htpasswd" and the other ".htaccess", the contents of ".htpasswd" are as follows:

In this file you need to specify usernames as passwords in the format; "username:password" - the password needs to be encrypted and can be done so via the following website(s):

That's your password file complete, now on to the .htaccess file.

AuthType basic
AuthName “This directory is password protected, GTFO”
AuthUserFile /home/account/public_html/directory/.htpasswd
Require user username

There are a few different ways to have the .htaccess file but after an hour or so trying them all, this one worked best for me.

Blocking IP addresses / specific users

This is a very effective way to stop viewers from accessing your site, this feature supports domains and wild cards.

There are two main commands, "deny" and "allow".


order allow,deny
deny from 111.222.333.444
deny from
deny from 192.168.
allow from all

Stopping script execution

This is a useful command that will stop certain script types from being executed on your server, this can be used to prevent shells.


Options -ExecCGI
AddHandler cgi-script [File extension(s) separated with a space]


Options -ExecCGI
AddHandler cgi-script .asp .cgi .htm .pl .py .php .jsp  .shtml .sh

If you've got any problems, please post them below.

[Image: engrish25.png]
08-09-2010, 06:44 PM
Post: #2
RE: Using the .htaccess file to help secure your website and also block IPs
Just updated password protecting a directory with .htaccess and .htpasswd as i've just used this on another site i own.

[Image: engrish25.png]
08-09-2010, 07:15 PM
Post: #3
RE: Using the .htaccess file to help secure your website and also block IPs
Now this is a sweet tutorial :tongue. Will show this to my uncle. He did it some real complicated way. Modifying the htpasswd would probably be so much easier. Cheers.

[Image: nomnomnom.jpg]
The decrypt code is V, I could not make it any simpler!
03-04-2013, 06:45 PM
Post: #4
RE: Using the .htaccess file to help secure your website and also block IPs
.htaccess file is necessary to secure our website from many threats. If you want to be really safe, use .htaccess to limit admin panel access to only to your IP. I am using .htacess file for avoiding problem of copy content. If you are using this then post perfect code for running .htaccess file. .htaccess files are able to handle configuration changes on a per-directory basis.

Forum Jump:

User(s) browsing this thread: 1 Guest(s)