How To Secure Your Website With .htaccess
What is .htaccess
.htaccess files can give you extra control over your server, allowing you to password protect directories, enable server side includes, generate custom error messages, and block users by IP address, among other things.
Here is a sample of how to configure and secure your website with .htaccess.
First, we need a Linux/Unix OS with Apache 1.x or Apache 2.x up and running.
Example :
Domain : testing.com
Home Directory : /home/testing.com/public_html
cgi-bin Directory : /home/testing.com/cgi-bin
We will secure the Home Directory with .htaccess.
First, we need to create a .htaccess file in /home/testing.com/public_html
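[code]$ cd /home/testing.com/public_html
$ vi .htaccess
# --- contents of .htaccess ---
# Realm text shown in the browser's login prompt
AuthName "Testing.com Secure Area"
# HTTP Basic authentication (credentials are only base64-encoded, so serve the site over HTTPS)
AuthType Basic
# Password file, kept outside the document root so it cannot be requested over the web
AuthUserFile /etc/httpd/conf/.htpasswd
# Any user listed in the password file may log in
require valid-user[/code]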
Next, we need to create the .htpasswd file with the htpasswd tool.
.htpasswd is used to store all the users and passwords for authentication.
[code]$ cd /etc/httpd/conf/
# -c creates the file (and overwrites an existing one)
$ htpasswd -c .htpasswd admin
Password : pass123 [input your admin password][/code]
If you want to add another user, just type the command below:
[code]$ htpasswd .htpasswd otheruser
Password : .... [input password for otheruser][/code]
Next, we need to configure Apache 1.x or Apache 2.x to support .htaccess.
[code]$ cd /etc/httpd/conf
$ vi httpd.conf
### Here is a simple example of how to configure your website with .htaccess
<VirtualHost 10.10.1.2:80>
    ServerName testing.com
    DocumentRoot /home/testing.com/public_html/
    <Directory "/home/testing.com/public_html">
        # Let .htaccess override authentication directives only
        AllowOverride AuthConfig
        # Do not mix "+"/"-" options with unprefixed ones on one Options line
        Options Indexes FollowSymLinks MultiViews ExecCGI
        # Apache 1.3/2.0/2.2 access syntax; Apache 2.4 uses "Require all granted"
        Order allow,deny
        Allow from all
    </Directory>
    # The URL path ends in "/", so the file system path must end in "/" too
    ScriptAlias /cgi-bin/ "/home/testing.com/cgi-bin/"
    <Directory "/home/testing.com/cgi-bin">
        AddHandler cgi-script .cgi .pl
        # .htaccess files are ignored in the CGI directory
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog logs/testing.com-error_log
    CustomLog logs/testing.com-access_log common
</VirtualHost>
## Save this file[/code]
Restart the web server:
[code]$ /etc/init.d/httpd restart
# or
$ /sbin/service httpd restart[/code]
Test it via browser
Example : http://www.testing.com
Input your User : admin
Input your Password : pass123
Note : Once you have completed the above, you should test your setup using your browser to make sure that everything works as intended. Upload a simple index.html file into your protected directory and use your web browser to view it. You should be greeted with a prompt for your user name and password. If you have set everything up correctly, when you enter that information, you should be able to view the index.html file, and indeed any other file in that directory.
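The steps above can also be checked from the shell before opening a browser. The function below is an added example, not part of the original tutorial: it reads the .htaccess in a document root and reports when Basic authentication is not actually enforced or when the password file is somewhere the web server could serve it. The names `directive` and `audit_htaccess` and the messages are this example's own; it uses only standard POSIX utilities.

```shell
#!/bin/sh
# Added example: audit the Basic-auth .htaccess in a document root.
# Usage: audit_htaccess /home/testing.com/public_html
# Prints findings; returns 0 when none, 1 otherwise.

# Print the last value of a directive (Apache directive names are case-insensitive).
directive() {
    awk -v d="$1" 'tolower($1) == d { $1 = ""; v = $0 } END { print v }' "$2" |
        sed 's/^ *//; s/"//g'
}

audit_htaccess() {
    docroot=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL: no directory $1"; return 1; }
    ht="$docroot/.htaccess"
    [ -f "$ht" ] || { echo "FAIL: $ht is missing"; return 1; }
    bad=0

    [ "$(directive authtype "$ht" | tr 'A-Z' 'a-z')" = basic ] ||
        { echo "FAIL: AuthType Basic is not set"; bad=1; }
    # Without a require line Apache never asks for credentials.
    [ -n "$(directive require "$ht")" ] ||
        { echo "FAIL: no require line, so the directory is not protected"; bad=1; }

    pw=$(directive authuserfile "$ht")
    case "$pw" in
        "") echo "FAIL: AuthUserFile is not set"; return 1 ;;
        /*) ;;
        *)  echo "FAIL: AuthUserFile '$pw' is relative (Apache resolves it against ServerRoot)"
            return 1 ;;
    esac

    # Resolve symlinks and ".." before comparing with the document root.
    pwdir=$(cd "$(dirname "$pw")" 2>/dev/null && pwd -P) ||
        { echo "FAIL: directory of $pw not found"; return 1; }
    case "$pwdir/" in
        "$docroot"/*) echo "FAIL: password file is inside the document root"; bad=1 ;;
    esac

    [ -s "$pw" ] || { echo "FAIL: $pw is missing or empty"; bad=1; }
    if [ -n "$(find "$pw" -perm -002 2>/dev/null)" ]; then
        echo "FAIL: $pw is world-writable"; bad=1
    fi

    [ "$bad" -eq 0 ] && echo "OK: $ht"
    return "$bad"
}
```

Source the file and run `audit_htaccess` with the document root as the user who edits the configuration; it only reads files and changes nothing.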