htaccess Builder

The Purpose

To quickly and effortlessly deliver an htaccess file without having to remember anything about the Apache server language used to construct the htaccess file!


The History

htaccess Builder! started out as a micro app. A very crude form with a few of my more often used functions with no UI. I rewrote the entire app, gave it all a smooth UI with as much point and click as possible. I tried to include a help button with each function - deep enough to teach new users, but short enough to be a refresh for regular users.


The Future

htaccess Builder! is complete as is - however - depending on requests and sales it has the potential to grow to cover just about every function of htaccess.





Directory Stuff?

If you're not sure, please choose "Deny" from the drop down below.



Hide Files from Open Dir ?

Files -(or file types)- listed here will be hidden if you allow open directory (e.g. index.html )



Default File?

Advanced Knowledge Level Required to Access This Function



Cache Control?

Authentication?

Custom login Message (Default e.g. Please enter your username and password)


 

The path you uploaded the htpasswd file to: (e.g. /home/yourname/.htpasswd)


 

The path you uploaded the htgroup file to: (e.g. /home/yourname/.htpasswd)



Advanced Knowledge Level Required to Access This Function



A Word of Warning:

If you play around with the authentication and fail to authenticate too many times, the server's firewall may block your IP address, denying access even to WHM and cPanel! Have your host's phone support number handy or be prepared to wait for the block to auto expire.

If you call your host and explain to them that you are going to be playing with the htaccess authentication settings - they may be able to whitelist your IP address.


Error Pages?

Please be sure to read the help info.

 




Canonicalization?


Enter your URL the way you want to use it .



OR


Redirects?


Advanced Knowledge Level Required to Access This Function

Enter the site path into "From" and URL into "To"


301 Moved Permanently














302 Moved Temporarily














CGI - SSI - Symbolic Links



CGI scripts options?


Advanced Knowledge Level Required to Access This Function




Server Side Includes?


Advanced Knowledge Level Required to Access This Function



Symbolic Links?

If you do not know what this does, please skip this page!





Bad Bots





 


Only Me!



Allow Your IP Address :

Redirect Everyone Else To :




Be sure to double check your IP address - especially if you are going through proxies!



htpasswd Password Generator

 

Must have Username and Password to encrypt your password

Must have Username to generate a password.

This information is NOT saved or stored!!!


Username:

Password:





UserPass:


Copy UserPass to new line in .htpasswd file



When accessing a directory that does not have a default file to open, the server will show visitors all the files in that directory. Here you can choose to allow an "open directory" (show the list of files) or to deny access and show a forbidden message.


Click on the picture you want your website to do!

Allowed Open Directory   Or      Deny Open Directory

Hide Files When Open Directory Is ALLOWED

This IS recursive! The files will also be hidden in any sub directories as well!


Here you can hide specific files, or all files of a particular extension if you allowed open directory.

If you would like to hide a specific file named "private.txt" you would enter:
private.txt
If you would like to hide ALL text files, then simply use the asterisk wild card
*.txt

This only hides the file(s) from the directory listing - obviously - if you have directory listing denied above; there is no sense in filling this out!

Default File Types

The file path is per local directory! NOT from domain root!


You can list the file types here that you want the server to serve as default - order is important.

If your first choice file is not found in the directory, the server will automatically load your second choice file, and so-on-and-so-forth. If you have both an index.html and an index.php in the same directory, here is where you can choose to load the html instead of the php file first.

Wild card extensions are permitted. Meaning if you enter a file name with no extension such as

index

then the server will serve any file named index regardless of its extension. HOWEVER there is a performance decrease with this type of setup. I highly recommend always using a file name and extension such as

index.html

Cache Control

Type in how long you want each file type cached - then choose the unit from the dropdown list.

The unit of measurement is really your preference - more or less -

1 year = 12 months = 52 weeks = 365 days = 8760 hours = 525600 minutes = 31536000 seconds

Units of measurement can be both singular and plural.

1 year = 1 yearS

*Section 3 of RFC 4329 declares application/x-javascript and text/javascript obsolete - they have been included (and functional) for "historical purposes" - but should be avoided. Use JS at the top of the list instead. It is processed as application/javascript.

Authentication Overview

The settings on this page are designed to work independently or together.


If you put an address in the Allowed list, but do not set the allow/deny it will set itself to deny by default - I assume you only want to allow the specified address.


If you put an address in the Denied list, but do not set the allow/deny it will set itself to allow by default - I assume you only want to block the specified address.


If you set the path to the htpasswd file but do not specify an allowed or blocked address - anyone with the username and password will be able to access the blocked area.


If you set the path to the htpasswd file and specify an allowed address the system will set the 'order' to "deny by default" and 'satisfy' "any" one criteria (password or allowed address)


If you set the path to the htpasswd file and specify a denied address the system will set the 'order' to "allow by default" and 'satisfy' "all" the criteria (password)


You can override my auto set features by setting the values as you would like them from their appropriate dropdown boxes.


Your IP Address may not be displayed correctly if you run through proxies.

htpasswd

Step One

You need to create a plain text file called htpasswd.txt

Step Two

Use the password generator to MD5 hash your passwords! Neither your username nor your password is saved. If you have multiple usernames and passwords, put each one on its own line in the htpasswd.txt file!!

Notes

Passwords in the htpasswd file are not plain text - they are hashed! That is why you must use an MD5 hasher to generate your password! MD5 hashes cannot be reversed - meaning if you lose your password, you will have to generate a new one!

Step Three

After you have your username:password combos entered into the htpasswd.txt file save it and upload it to your server.

DO NOT place the htpasswd file inside the public_html (or www) directory or any sub directory(ies)!
Bad example: /home/yourname/public_html/htpasswd.txt


DO place it in the same directory as your public_html directory!
Good example: /home/yourname/htpasswd.txt

If you can open your browser and in the address bar type http://yourwebsite.com/htpasswd.txt and you see the contents of your file - you did it wrong.

It should be noted that if you do not have access outside your public_html directory then you can place it in the public_html directory.

On a technical note - there is nothing illegal about placing your htpasswd file inside your public_html (www) directory - keeping it out is a security precaution! Should you neglect to protect the htpasswd/htgroup file(s) then someone might be able to get your username and hashed password. It is true that the password is hashed with the MD5 algorithm - therefore non-reversible - the problem lies in the fact that it is still brute-force attackable. And if someone has your hashed password, they can brute-force it "offline" at their leisure.

Step Four

Rename your file. Once your htpasswd file is uploaded to the server, rename your file as follows.

From

htpasswd.txt

To

.htpasswd

Step Five

Type the location where you uploaded your .htpasswd file into the htpasswd field in the form.

Finished
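
A check for Steps Two to Four, added here as an example and not part of htaccess Builder: it flags an htpasswd file that sits inside the web root, is not named .htpasswd, has lines that are not username:hash, or stores an entry as unsalted {SHA} or in an unrecognised form. The function names, the scheme labels and the sample file contents are assumptions; both paths must be absolute.

```python
import posixpath

# Prefixes written by Apache's htpasswd tool; anything else is reported as unknown.
SCHEMES = (("$apr1$", "apr1-md5"), ("$2y$", "bcrypt"), ("{SHA}", "sha1-unsalted"),
           ("$5$", "sha256-crypt"), ("$6$", "sha512-crypt"))


def classify_hash(value):
    """Name the hash scheme of one htpasswd entry from its prefix."""
    for prefix, name in SCHEMES:
        if value.startswith(prefix):
            return name
    return "unknown-or-plaintext"


def inside_docroot(passwd_path, docroot):
    """True if passwd_path is the web root itself or anywhere beneath it."""
    path, root = posixpath.normpath(passwd_path), posixpath.normpath(docroot)
    return posixpath.commonpath([path, root]) == root


def audit(passwd_path, docroot, contents):
    """Return a list of findings for one htpasswd file and its contents."""
    findings = []
    if inside_docroot(passwd_path, docroot):
        findings.append("file is inside the web root (Step Three)")
    if not posixpath.basename(passwd_path).startswith(".ht"):
        findings.append("file is not named .htpasswd (Step Four)")
    seen = set()
    for number, line in enumerate(contents.splitlines(), 1):
        if not line.strip():
            continue
        user, sep, value = line.strip().partition(":")
        if not (sep and user and value):
            findings.append(f"line {number}: expected username:hash")
            continue
        if user in seen:
            findings.append(f"line {number}: duplicate user {user}")
        seen.add(user)
        scheme = classify_hash(value)
        if scheme in ("sha1-unsalted", "unknown-or-plaintext"):
            findings.append(f"line {number}: {user} uses {scheme}")
    return findings


# Constructed sample file: the hash strings are placeholders, not real hashes.
SAMPLE = "\n".join([
    "alice:$apr1$EXAMPLE0$PLACEHOLDERPLACEHOLDER",
    "bob:{SHA}PLACEHOLDERPLACEHOLDER=",
    "carol hunter2",
])

if __name__ == "__main__":
    docroot = "/home/yourname/public_html"
    for finding in audit(docroot + "/htpasswd.txt", docroot, SAMPLE):
        print(finding)
```

The .htpasswd name matters because Apache's stock configuration refuses requests for files whose names begin with .ht, which is the fallback if the file has to live inside public_html.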



Allow / Deny Filter

If you do not select a default for the allow/deny dropdown - one will be selected for you based on what I believe you are trying to do!

Default Allow

If you only have an address in the allowed column, the system will default to "Allow,Deny" therefore only allowing the specific address into the restricted area!

Default Deny

If you only have an address in the denied column, the system will default to "Deny,Allow" therefore only denying the specific address from the restricted area!


Default Deny

If you have an address in the allowed AND denied column, the system will default to "Allow,Deny" therefore only allowing the specific address(es) into the restricted area!


To override the default, just select your preferred option from the allowed/denied dropdown!


By Specific IP

Block a specific IP address from accessing your site by putting their IP address in one of the Deny boxes

Deny:

123.456.789.012

By IP Address Block

To block an entire range of IP addresses, just leave the last octet off.

Deny:

123.456.789.

Notice there is still the third dot, but no numbers after it. Any IP address that has a number after the third dot will be blocked (unless it is specifically allowed).

By IP Address Block With Exception

Block an entire range of IP addresses EXCEPT FOR ONE

Deny:

123.456.789.

Allow:

123.456.789.012

This will block everyone that has an IP address of 123.456.789.xxx EXCEPT FOR 123.456.789.012, which will still be allowed!!



Password Prompt

You can customize the login message (between the two red arrows) using the bottom box - Optional - (red arrows not included)

Auth Box Example


Order of Allow / Deny

Order of Allow and Deny - Easiest way to do this is to think backwards!

Order Matters!! In this one particular instance - the latter is the determining factor!


Allow by default = Order Deny,Allow - whatever is not denied is allowed


Deny by default = Order Allow,Deny - whatever is not allowed is denied
If NO criteria is set for the allow, then everyone will be denied!!!



Satisfy Directive

Example
AuthUserFile /right/here
AuthGroupFile /dev/null
AuthName "Please enter your username and password"
AuthType Basic
require valid-user
order deny,allow
allow from 192.168.1
deny from 192.168.2
Satisfy Any

Satisfy Any: The user only has to satisfy one of the requirements - in this example - if a user has an IP address starting with 192.168.1.* then they will not be prompted for a password and will be granted access because of IP address alone. Access will be granted if ANY one restriction is passed.


Example
AuthUserFile /right/here
AuthGroupFile /dev/null
AuthName "Please enter your username and password"
AuthType Basic
require valid-user
order deny,allow
allow from 192.168.1
deny from 192.168.2
Satisfy all

Satisfy All: The user must satisfy all requirements - in this example - even if a user has an IP address starting with 192.168.1.* they will still have to provide a password to continue. Access will only be granted if ALL restrictions are passed.


In either case if a user's IP address starts with 192.168.2 they will be denied regardless of whether they have a password or not!
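
An added example (not part of htaccess Builder) that models how the Order, Allow/Deny and Satisfy lines from the two examples above combine, following the Apache 2.2 documentation for those directives. The function names and the sample client addresses are assumptions made for the illustration.

```python
# Added example: models Apache 2.2 Order / Allow / Deny / Satisfy evaluation.

def host_matches(client_ip, spec):
    """Partial-IP match: '192.168.1' and '192.168.1.' both cover 192.168.1.*"""
    if spec.lower() == "all":
        return True
    want = spec.rstrip(".").split(".")
    return client_ip.split(".")[:len(want)] == want


def host_allowed(client_ip, order, allow, deny):
    """True if the Order/Allow/Deny stage on its own admits the client."""
    allowed = any(host_matches(client_ip, s) for s in allow)
    denied = any(host_matches(client_ip, s) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        # Allow by default; an Allow match overrides a Deny match.
        return allowed or not denied
    if order == "allow,deny":
        # Deny by default; a Deny match overrides an Allow match.
        return allowed and not denied
    raise ValueError(f"unsupported Order value: {order!r}")


def access_granted(client_ip, valid_password, order, allow, deny, satisfy):
    """Combine the host stage with 'require valid-user' under Satisfy."""
    host_ok = host_allowed(client_ip, order, allow, deny)
    mode = satisfy.lower()
    if mode == "any":
        return host_ok or valid_password
    if mode == "all":
        return host_ok and valid_password
    raise ValueError(f"unsupported Satisfy value: {satisfy!r}")


# The Order/Allow/Deny lines from the examples above.
RULES = {"order": "deny,allow", "allow": ["192.168.1"], "deny": ["192.168.2"]}
# Constructed sample clients: one per list, plus one address in neither list.
CLIENTS = ["192.168.1.10", "192.168.2.10", "203.0.113.7"]


def outcome_table(satisfy):
    """Map (client_ip, has_valid_password) to granted / not granted."""
    return {(ip, pw): access_granted(ip, pw, satisfy=satisfy, **RULES)
            for ip in CLIENTS for pw in (False, True)}


if __name__ == "__main__":
    for satisfy in ("Any", "All"):
        for (ip, pw), ok in outcome_table(satisfy).items():
            print(f"Satisfy {satisfy:<3} {ip:<13} password={pw!s:<5} ->",
                  "granted" if ok else "denied")
```

Under these rules, Satisfy Any lets a 192.168.2 client in once it supplies a valid password, and lets any address that is in neither list in without one. Pairing Satisfy Any with Order Allow,Deny, as the auto-set feature does when only an allowed address is given, closes the second case.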



Only Me - Developer Quickie

MAKE SURE YOUR IP ADDRESS IS CORRECT

You do not need to fill anything out. Just push the 'Do It Quick' button and copy/paste or save the results and you are ready to go. This little quick script will kick everybody that is not you to Google - allowing you to develop your website in private!

Info Is Not Stored!!

Using the "Only Me" Quick Function - information is NOT stored in your session. As soon as you refresh or leave the page the info is gone! The rest of the session information remains intact however!



You have two choices for error document handling. You can redirect to an existing error page, or you can write the error code right into the htaccess file and not have error docs cluttering up the server.

Redirecting Error Pages

The file path must be from the root of the domain no matter where you place the htaccess!

Just fill in the boxes below with the path to your error page - from the public_html (or www) folder. If you have a folder named 'error' inside of public_html, and your pages are the name of the error code they are going to represent, then you would enter the following into the "404 Not Found" box:

/error/404.html

If you experience any problems with the relative path, use an absolute path: http://www.yourwebsite.com/error/404.html


Error Pages on the fly

Instead of redirecting to an error page, you can use html right here to emulate an error page. There are some restrictions, and anything fancy would be better handled by a redirect, but none the less, this is possible so I figured I would include it.

"<h1>You are <b>NOT</b> allowed to be here! Please <a href=\"#\">leave</a></h1><br />or <a href=\"#\">click here</a> to login

Please BE AWARE that your code must start with a double quote, but must not end with one. Look closely at the example again! The example is absolutely correct there are no typos!! Also, there cannot be any line breaks in your code! It must be written in one constant line!


Be sure you escape double quotes with a backslash

If any fields are left empty, it will stay at the server default pages

Enter your URL in either the www box or no-www box - just as you would like to use it.

NO www

If you do not want www then enter your URL into the first box

yourwebsite.com

YES www

If you want your website address to use the www then enter your URL into the second box

yourwebsite.com

This supports pages and directories! If this is only a temporary redirect (while you rebuild the site) then use the Temporarily Redirect boxes, else, if this is permanent, well, use the Permanent Redirect boxes.


The path should be from the root of the domain name regardless of where the htaccess file is!

Attention!! It is crucial that your htaccess be at the same level or higher than the pages you are redirecting!!

 

For example:

If you want http://www.yoursite.com/path/to/old_file.html to be redirected to http://www.yoursite.com/path/to/new_file.html and you are working with the htaccess file located at http://www.yoursite.com/path/to/.htaccess you would put:

DO NOT use http://www.yourdomain.com in the From field - only in the To field!!

From:

/path/to/old_file.html

To:

http://www.yoursite.com/path/to/new_file.html

Page

To redirect the oldpage.html to the newpage.html use:

From:

/path/to/oldpage.html

To:

http://www.yourwebsite.com/newpage.html

Directory

To redirect the olddir to the newdir use:

From:

/path/to/olddir

To:

http://www.yourwebsite.com/newdir/

CGI Scripts Options

You must allow execution of CGI (first check box) in order to allow any of the extensions to run as cgi (the rest of the checkboxes)


Leave everything off unless you know what you are doing.

Server Side Includes

Do you want to allow server-side includes?

Run *.htm as server-side includes

Run *.html as server-side includes

Run *.shtm as server-side includes

Leave everything off unless you know what you are doing.

Symbolic Links & SSL

Follow 'Symbolic Links if Owner Matches' is typical

The server will only follow the symbolic link if the target file or directory is owned by the same user as the link

Force SSL? - Redirect http to https

Email Bots

These bots are known to harvest emails

They are filtered out by their User Agent and given the forbidden message!

Bad Bots

These bots are known to disregard the robots.txt file.

They are filtered out by their User Agent and given the forbidden message!

htaccess output

save, copy & paste or email.