.htaccess files are used to override the default settings of your webserver, such that special options are used for particular directories. They can be used to password-protect areas, to use custom error messages, to do fancy redirecting or custom headers, and even to change the way certain file-types are displayed
The method is to create a text file called .htaccess in your website somewhere, which will apply to the directory it's in, and any subdirectories. Note that some FTP programs will not let you see files with a dot at the beginning of the filename, until you turn on 'show hidden files'. (the dot indicates a hidden file in *NIX)
This page contains some notes on what you can do with .htaccess files, but there's plenty more if you search the web. All the tricks below work with the Apache webserver, and the 'main' server configuration needs to be setup to allow you to use .htaccess files (most are).
AuthName "Description" AuthUserFile /full_path/.htpasswd AuthType Basic <Limit GET> require valid-user </Limit>
To password protect a directory, you need to create an .htpasswd file (it can be any name), containing a list of usernames and passwords. You can use tools on the internet to create this file, but the easiest way is to get a *nix computer, and type:
htpasswd -c .htpasswd username
where .htpasswd is the file you want to save the password list to, and username is the username you want to create. It will prompt you to type a password. The -c bit means 'create the file', so leave it out if you're appending passwords to an existing file
As to the code you put in .htaccess, the main thing to get right is the location of your .htpasswd file. It will be the full pathname on the server of the file, and it is NOT relative to your website root. You can find out what the path of your webserver is by looking at a phpInfo() page, or just asking whoever runs the server.
The AuthName is a description identifying the area of your website which is password-protected. This not only appears in the title of the password- request when someone views a page, but can be used by browsers to store passwords, and re-send them each time someone requests subsequent pages in that password-protected area.
ErrorDocument 404 /Help/NotFound.htm
404 is the famous HTTP code for a page not found, and plenty of people want to put something useful here, rather than the browser-default error.
Note that if you do this, it can mess with some automated tools which expect a 404 error. It also uses additional bandwidth when a page is not found, and it displays the error in your language, rather than the language of the person's browser.
The error document seems to require an HTML extension, and it doesn't like being pointed to a PHP file for some reason. It's possible to get around this though: see the 404-handler program for details.
RedirectPermament /oldfile http://www.mywebsite.com/newfile
If you want to move a directory, but want links to the old directory to still work. No need to waste disk-space with a copy of the directory, just tell your .htaccess file where it's moved to.
<files *> deny from all </files>
Put an .htaccess file with this into any directory if you want to hide it from view.
<files .*> deny from all </files> <files *~> deny from all </files>
This will stop people accessing your hidden files (with a dot at the beginning), and your backup files (with a tilde at the end)
