Best Htaccess for Your Joomla Website
Allow only those you want
Someone entirely new to the topic may well land on this post, so a few introductory words are in order: what .htaccess is, and a fair idea of what an htaccess file can do. Those who already know the basics of htaccess (e.g. custom error pages or password-protected directories) may be pleased to see how much can be accomplished with something this simple.
So what is .htaccess, anyway?
- Full name: hypertext access file. It is the filename and not a file extension.
- File type: Directory-level (decentralized) configuration file supported by several web servers and accompanied by the .htpasswd file (which holds valid usernames along with passwords).
- Function: Allows managing web server configuration. E.g. servers often shorten long URLs using .htaccess, block/allow specific IPs/domains, bots, referring URLs and search engine spiders, and customize error messages (e.g. "page not found" instead of "error 404").
- Original purpose: To allow access control on a per-directory basis (e.g. a different password for every content folder) and to override a subset of the server's global configuration for a particular directory and all its sub-directories.
- Special feature: Overrides several different configuration settings (e.g. content types, character sets, CGI handlers etc.).
- Location: Inside web trees.
- Usage: Authorization/authentication; it defines security restrictions for a directory.
.htaccess: The advantage
The server reads .htaccess files on every request, so any change to them takes effect immediately. This is unlike the main configuration file, which requires a server restart every time before new settings become active.
.htaccess: The best one for you
If a site already uses an htaccess file, it is most probably the usual one that came with Joomla. Otherwise, some modifications are required. They can be made in any text editor (Notepad, for example).
Caution: .htaccess files, by default, are not write-protected since Joomla needs to update them. This makes them vulnerable to attacks.
Set .htaccess permissions to 444 or 440 (r--r--r-- or r--r-----).
Step 1: Save a text file as .htaccess (not .htaccess.txt) inside the administrator directory inside the Joomla installation directory. Just type in a character before saving it.
Step 2: Disable word-wrap. There's no need to get Apache annoyed or take advantage of its VERY forgiving nature towards malformed htaccess content.
Step 3: Open the file with notepad and fill in the following:
Order Deny,Allow
Deny from all
Allow from xxx.xx.xx.xxx
i. xxx.xx.xx.xxx is YOUR (administrator) IP address. This denies access from every IP address but yours; everyone else gets an HTTP 403 FORBIDDEN error. However, this works well only with a static IP address. For dynamic IPs or dial-up connections, it is the current public IP address that counts; search for "what's my IP" to find it.
ii. This will not work unless the Apache web server has .htaccess files enabled.
Step 4: Enter this IP address in the .htaccess file; however, the IP address in the .htaccess file will then need updating with every logon.
However, those willing to specify multiple IP addresses or a range of them shall find the following handy. These instructions shall allow every IP address within the 188.8.131.52 to 184.108.40.206
Allow from 220.127.116.11
Allow from 18.104.22.168
Allow from 34.35.21.22
Allow from 12.
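The Order/Deny/Allow directives above are Apache 2.2 syntax; Apache 2.4 accepts them only through mod_access_compat and uses Require ip natively. The following is an added example, not part of the original article or of Joomla's own sample file, showing one administrator/.htaccess that restricts access on either version; the addresses are constructed placeholders from the documentation ranges.

```apache
# administrator/.htaccess (added example; all addresses are constructed placeholders)

# Apache 2.4 and later: mod_authz_core is present, so use Require.
<IfModule mod_authz_core.c>
    # A single administrator address. Any client that matches none of
    # the Require lines is refused with 403 Forbidden.
    Require ip 203.0.113.10
    # A whole range, written in CIDR notation.
    Require ip 198.51.100.0/24
</IfModule>

# Apache 2.2: mod_authz_core does not exist, so fall back to the older form.
<IfModule !mod_authz_core.c>
    # Deny rules are evaluated first, then Allow rules override them.
    Order Deny,Allow
    Deny from all
    Allow from 203.0.113.10
    Allow from 198.51.100.0/24
</IfModule>
```

For these directives to be honoured in .htaccess, the main server configuration must permit them for the directory: AllowOverride AuthConfig covers Require, and AllowOverride Limit covers Order/Deny/Allow.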
Essential points to remember:
- htaccess files must not be uploaded as BINARY files. They are ASCII.
- For security reasons, the file must be usable only by the server and not by a browser. The best way to do this is by CHMOD-ing the file to 644 (RW-R--R--).
A good prepared htaccess file can be found at the official Joomla developer website. Visit the official Joomla site for an htaccess sample.