I realize that experience webmasters know what a .htaccess file is and it’s importance. A large number of webmasters have no idea what you are taking about when you refer to a .htaccess file.

What is a .htaccess file? in laymen terms it is a simple text file named .htaccess. Notice that there is nothing before the [.]. You can create this file with a text editor. You can also create it through the CP if your hosted at Jag.

I might also note that every host does not allow individual users the privilege of using a .htaccess file on a shared server. Personally I would not use a host that did not allow the file.

So what is a .htaccess file good for? You can pass word protect files, block hot linking, implement 301 or 302 redirects and a lot more. In other words it gives you a lot of control over your web site.

Here are a few simple things that I use on my site.

AddHandler server-parsed .htm html #by default a Apache server will only parse shtml files. This line means that it will also parse htm and html documents. Why is this important? I use a lot of SSI (Server Side Includes) on my e-commerce site. I don’t want to rename 400 or so pages to shtml so the server parses the pages.

Hot link protection.

RewriteEngine on
RewriteCond %{HTTPREFERER} !^$
RewriteCond %{HTTPREFERER} !^http://(www.)?domain.com.$ [NC]
RewriteCond %{HTTP_REFERER} !^https://secure.domian.com/.$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www.)?IP Number(/)?.*$ [NC]
RewriteRule .(gif|jpg|jpeg|png|bmp|tif|zip)$ – [F,NC]

301 Redirects which I think are important.

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain.com
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=permanent,L]

Redirect individual pages

Redirect permanent /old file.htm http://www.domaine.com/new file.htm

You can block IPs such as bad bots.

Bot blocking by IP

[Limit GET]order allow,deny
allow from all
deny from 123.456.789.0

[]for a larger list you might want to read in check Anthony Parsons forum.

If your site is a PHP site you can use mod_rewrite in the .htaccess file to produce SE Friendly page extensions.

You can do a lot more with a .htaccess file than what I have mentioned.

If your interested in learning more here are a few links that I hope you will find beneficial.

Comprehensive guide to .htaccess

Apache HTTP Server Version 1.3

A Google Search for .htaccess

A closing thought. Most FTP clients will not show a .htaccess file by default. Any file that begins with a (.) is like a hidden file on your PC.

Matt Cutts posted a summary yesterday  of things that have been taking place at Google over the last few months.

He provides a lot of links to previous post of interest.  If you read his post and the comments that follow it should give you some kind of idea about what is going on with Google.

One thing for sure is that recipicol links are a thing of the past if they are not related to your site.   Matts Update.

Hopefully everyone who has a website is interested in the Search Engines. Here are a few links you may find helpful.

Official SE Blogs.

Google

Yahoo

MSN

Unofficial Blogs

Google Matt Cutts

Yahoo Tim Converse

Yahoo Jeremy Zawodny

I think the resources listed should be of value to every webmaster.

Yesterday Matt Cutts posted on his blog a summary of Google Press Day 2006.

I think it is worth reading for anyone who wants to know what is going on with Google. Matts Blog Post. As always no Google secrets are revealed.

Recently we have begun to deploy just a very small portion of our overall marketing plans into action. However minor the end result was far beyond expectations. With barely a fraction of our marketing budget in play we set out with a decent stock of vps nodes, thats virtual private server for you noobs out there. A node in this case is just another way of saying a single physical server configured to act as a host to many virtual servers.

With our nodes lined up and more on the way for what we hope will be a slight overstock murphy paid us a visit. We soon found ourselves filling nodes so fast, literally several overnight, that we began pulling select nodes designated for other purposes such as future shared, reseller, and semi-dedicated machines. Still new nodes arrived and those were setup as well until we just plain ran out. Sitting on a pile of orders makes us all warm and fuzzy inside normally…as it should. Sitting on new orders with nowhere to put them while we wait for loads of new hardware is a very unsettling experience. The nodes in service are all well balanced and lightly loaded but still loaded to what we have designated as a safe, acceptable, profitable capacity. We could put a few extra orders on all the many nodes to get the order queue down but where do we draw the line? We’ve opt’d to bite this bullet and gross underestimate in sales head on. Rather than risk damaging our support needs, existing clients and their businesses, and doing what other host do all the time we will just let it ride. Id rather not lose a single order and while every client and order are very important to us, its more important that those clients that have received our stellar services continue to get those services on the same level as they have come to expect. It may cost us sales but the cost of crashing or overloading nodes would be far more damaging to our reputation and more importantly to the livelihood of those clients that put their trust in us to deliver.

This stance is a slap in the face to some and while most hosts would just tuck a few accounts here or there to “get by” its simply not our style. Hopefully its this same jag style that has you reading this post .  In the jag world : current client > potential new client  and  hopefully that fact is looked upon  in a positive manner despite its negative connotations.

May be, but I have my doubts. Having an open source web application running on your site can become a security nightmare or may eventually cause a high maintenance cost in the long run. Example: you have just installed a really nice web application that is popular and feature rich. The next morning you receive a security alert that an exploit has been found in that application. That happened with me during last couple of weeks with two web applications (cms). Having little or no time to spend for my own site, I wanted a web application that I can install, leave it running, and may be occasionally do upgrades or fixes. But with two incidents in same week for two different web applications made me think twice. That site I wanted to start is closed till I figure out my next move.

May be it is my own perception but I have found that most of the commercial open source web applications are more secure than free ones. Is that your experience as well? Probably it comes down to spending my own time to secure such an application or let others do the job for me and purchase a commercial product.

One approach I am thinking of is taking daily or even hourly offsite backup of the web application and its database, so if it gets hacked due to new exploit being discovered, I do not have to worry about it. But then there is another problem: some exploits can cause server damage as well e.g. remote arbitrary code execution (xss?).

One other problem that I faced is that some applications do not have a straigh-forward process to apply patch/upgrade. Spending 2 hours to go through 10 steps to upgrade the application is not a good idea. This probably happens with applications that were designed at the spur of the moment without proper design. To maintain such an application is no doubt difficult for the developers as well.

Oh, btw, you should signup for daily alerts at secunia.com if you are using any 3rd party application, or join the announcement/development mailing list of the product you are using to stay upto date with any patches/updates released by the vendor/developers.

Many people including webhost do not realize the importance of the .htaccess file in relation to search engine optimization. You may not be aware of this but SEs (especially Google) will treat domain.com and www.domain.com as different pages.

This is referred to as a canonicalization issue which
can be taken care of using mod_rewrite in the .htaccess file.

Unfortunately a lot of host do not allow a webmaster to use a .htaccess file. Fortunately JagPc as a top web host does.

No site should be accessed by domain.com and www.domain.com. You should decide which you want and redirect one to the other with a 301 redirect.

Of course a redirect means you need to be able to use a .htaccess file.

I’ll have more to say about this later. This is somewhat o a test post.

Believe me the canonicalization issue is real. It can affect you with the SEs.