*G pats I-girl's hand*

I feel your pain. I, too, have a service provider which makes me crazy. (I'm not even allowed to do Server Side Includes.)

.htaccess is part of Apache. It is a file which allows per directory access. Server-wide access is controlled by an access control file called access.conf.

You have a couple of options:
1. Tell the admin exactly what you want to do with the .htaccess file. Perhaps they can tweak the file for you to do what you want.

or

2. Take your site -- and your money -- elsewhere.

<later>GACK! Just realized I answered the wrong question ... </later>

Oooh, but this might help you: "How do I make dynamic urls into Static urls with no mod_rewrite?"

[webmasterworld.com...]

mod_rewrite takes about five minutes to install. The last known vulnerability that I recall was from a couple of years ago and invloved a specific rewrite rule. As far as I know it was never exploited and was fixed in Apache 1.3.13

Given the large number of servers on the net running with mod_rewrite available without problems, I'll let you draw your own conclusions.

Ooooh, and here is a post with a bunch of links to tutorials:

[webmasterworld.com...]

>Does it cause some unGodly problems?
There is a performance hit as every request is checked against the rewrite rules.

What were their reasons for not providing it, IG?

Oh man- I've spent more time at Apache's site lately than anywhere else. I can't see any reason they won't install it - but they said when they set up the boxes they didn't install then - so now it's not an option (why?) That's the best they can tell me.

Half the techs don't know what I'm talking about, and the other half groan and shove me off to someone else. I just don't GET what the big deal is. I told them exactly what I wanted to do with it - rewrite conditions - and one tech went so far as to say, "That can't be done".

Right. Duh.

I tried doing it though my conf files- but it's a no go. It's missing something (like the actual mod!) I'm dead in the water and don't know what to do.

The thought of transferring all my clients to another box is just too dreadful. I'm hoping to pick up some little piece of information that will turn this situation around.

Dreadful though it may be, finding another host sounds like a good idea. Today it's mod_rewrite... and even if you convince them to install it, it may well be something else tomorrow.

Seriously, it's totally worth is to find a company that offers access to all the standard goodies up front, and if you're really lucky, you might find one who's also willing to get under the hood and tinker with stuff for you...

Hi idiotgirl, sounds like idiottech's...

The only reason I can think of it not being there is that its not included in a default apache install, requires recompiling with a few additional directives.

There is a performance hit but with hardware more powerful per buck than ever before its a poor excuse.

I take it that php isn't available either? (Another recompile)

The only other thing I can add is that with hosting being so cheap - it's probably worth taking on a second package, getting every thing up and running and transferring - I did this and haven't looked back.

To give you an indication - my hosting now costs 20GBP pcm, 40 Gig Bandwidth, mod_rewrite, php, unlimited domains (10GBP 2yrs), 600mb, mysql, perl, ssh, crons etc etc. I have a few niggles but compared to the package I was on previously its fantastic. I'm sure even better offers are available in the US.

Good luck

Okay - it looks like other than an install and a couple tweaks this wouldn't be a big deal for someone fairly capable. Not me - but a tech. Right?

Tuesday I'll go back at it with them and tell them what those 'in the know' (you guys) have told me - and if this can't be resolved I'll look to get something else set up the way I want it and begin the "migration" after the new box rattles and hums just the way I like it.

This is so frustrating- these techs treat you like you're stupid (okay - my name isn't really idiotgirl) - then you ask them about things like this and they're the ones who know less than you! It was their screw-ups that got me on the quick-n-dirty path to working my own conf files and configuring my own domains. I figured that out just by visiting the Apache sites (and a few close calls!) I'm not *totally* inept. Then I ask for a little deal like mod rewrite and I'm practically 86'd. Geez!

Today was not a good day. Based on my faith in the expertise of the people on this board - after parsing log files this afternoon - I sent the following to my current (nameless) host provider:

I have been discussing with tech support for a couple months or more how to block certain IP addresses from accessing my main domain, *****, and the domains I host under it. Depending on who I talk to - the response is different every time. Something like musical chairs.

Last response said that I should get a dedicated server, as I asked about mod_rewrite. She said it was not installed when the boxes were set up, so could not be done now. She suggested a dedicated server. I think that translates to, "We don't want to bother. Go away. Or give us more money".

Here's what I'm dealing with: I have client sites with images being stolen and hotlinked all over the internet. Hundreds of times. Not once or twice, but hundreds of times every week. Maybe a thousand or more. I am SICK of it.

Now, with mod_rewrite, I could do rewrite conditions that would prevent this, and also ban a lot of bots and spiders I don't need crawling around. That is my intention. I'm not trying to do anything subversive, but I am tired of being strangled with the limitations I am faced with.

Adding the addresses to .htaccess, the way the boxes are set up now, DOES NOT WORK. Period. It has no effect - in fact - it doesn't even work. I added lots of IPs to my banned list. They cruise in, and continue to come and go as they choose. I banned *myself* - just for kicks - and was looking through sites without missing a beat. Verdict: .htaccess as it is currently configured on this box is totally impotent. Needs Viagra.

So where does that leave me? I already do my own conf files - because half the time the techs set the domains up wrong to begin with. I submit which folder it's to go in - they always do the default install of (htdocs) - so then I go in and tweak it. Then I tweak the names it automatically assigns the cgi-bins - and the default cgi-bin locations. No big deal, I'm used to it. But I do this myself. Haven't blown it up yet, have I?

Currently, I already have a zillion things going on in my cgi-bins. I have my own error tracking. I have scripts that do all kinds of things - which I wrote. But, most importantly, I have a bunch of domains I have no time to move to another server - being plundered by people all over the internet. And I'm helpless.

No, I don't need or want a dedicated server. mod_rewrite, despite what some of your techs have told me, is not pure evil, straight from Hell. Other webmasters I know say it's about a five minute install, plus some additional tweaking. They do rewrite conditions all day long. Without blowing anything up, without begging and pleading, and without a dedicated server. Want names? I'll give you some.

If it's the matter of time to install the mod - fine - I'll pay what's reasonable. That's not an issue. (In fact, I was led to believe a month or so ago this might even happen. I was filled with joy.) What I am having an issue with is a host provider that does nothing to help me, and I'm stuck with a box full of clients getting raped every day because I can't do a thing about it.

Am I not polite? Do I call and scream at your techs? Does any of this seem to matter at all to anyone? NO. But it matters to me. I would very much appreciate this meeting a swift resolution.

Sincerely,

*idiotgirl*

I not sure if this is a solution to your problem, but it looks interesting. These are cgi scripts [cgi.resourceindex.com] that are supposed to thwart image/bandwidth thieves. At least one of them works by imbedding the url of the script into the image tag forcing the script to serve up the image. The script first checks to see if you allow the referrer in it's @referers variable. If not, a custom error image gets served up. Looks kinda like a cloaking script for images. All the images would need their tags altered. If there's a lot of images it could be a pain editing all the code, but if your good with search and replace string functions it shouldn't be that daunting.

I have a similar situation with mod_rewrite on some of our servers that are configured with Frontpage 2K. For some reason the owner of the network is convinced that compiling in the Frontpage modules along with mod_rewrite creates a greater security risk. He claims that Microsoft botched the support for mod_rewrite in their extension set for Apache. It's too bad because mod_rewrite is such a smooth tool. Anyway, I hope the above may be of some help.