How to use .htaccess on our websites

Security on the Internet is very important nowadays as more and more confidential data is being used over the Internet. That is why any effort made by websites to protect their customers' data is not enough. Today we will show you how to use a file called .htaccess to protect certain parts of our site.

The archive .htaccess is a document that the server that sends us the web reads before carrying out any operation. This file facilitates tasks such as protecting directories or blocking access to certain malicious IPs. Below we will show you some of the tasks that are carried out:

Block directory listing

We just need to add the following line to the .htaccess file:

IndexIgnore *

Custom error pages

To display error pages as you like and avoid displaying any sensitive data that may appear in the default pages, use the following command:

ErrorDocument 404 /errors/notfound.html

As you can see, the ErrorDocument command appears followed by the error code in question and finally the link to the custom page.

Password protect directories

In this case we will use two files: the one already named .htaccess and a new one called .htpasswd.

In the archive .htaccess enter the following code:

AuthUserFile /home/pathto/.htpasswd //Full path of the .htpasswd file
AuthType Basic
AuthName "My Secret Folder" //Message to be displayed on validation.
require valid-user

On the other hand, the file .htpasswd will contain the users and passwords we will use. To generate them we will use a script like this.

Now all that remains is to insert the files in the directory to be protected and that's it.

In addition to these three basic protection systems, there are many others that can be found through this link.

As always, remember that you can ask any questions through our forum.