Here's a FrontPage workaround that allows you to add lines to the .htaccess file that would normally make FrontPage choke. The scheme uses the knowledge that FrontPage likes it's own .htaccess file while you're editing and publishing, but it will tolerate much more in the "production" environment.

The scheme uses two .htaccess files:

Editing version of the .htaccess file When you want to edit, publish, or open your site live on the server, use FTP to copy the original plain-vanilla "editing version" of the .htaccess file to the server.

Production version of the .htaccess file When you're finished editing and publishing, use FTP to copy the "production version" of the .htaccess file back to the server.

A bit clumsy but it works in some cases. Using this method you may be able to have otherwise troublesome lines in the production version of the .htaccess file, such as RewriteEngine lines.

can someone help with my .htaccess

i wanted it to disable hotlinking and the use of download manager without going to my site..

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://skamfroj.net/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.skamfroj.net$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|rar|exe|zip)$ http://www.skamfroj.net/nohotlink.html [R,NC]

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^.*FlashGet.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*DA\ 7.0.*$
RewriteRule /* http://www.skamfroj.net/nohotlink.html [L,R]

but this will also disable ppl using download managers who have gone to my site and click the links from my site..
can i merge them telling to enable download manager if referer is my website.

thanks in advance.

Here is the htaccess file that FrontPage creates. If you're having trouble publishing, compare your htaccess file with this one. In particular, make sure there are no lines on top of the -FrontPage line and any lines you add are at the bottom.

# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>

<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>

AuthName www.domain.com
AuthUserFile /home/username/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/username/public_html/_vti_pvt/service.grp

send a note to support@lunarpages.com and ask them to reinstall extensions on your site. Sometimes their reinstall works better than the CPanel one.  You may still have to republish your entire site and then modify your htaccess file - carefully.

The usual thing to do is to reinstall extensions. Most of the time when you do that in CPanel, it fixes things. When it doesn't, then you need to write to support and open a ticket. Ask them to reinstall the Front Page extensions on your domain. You should include your account name, domain name, and last four digits of the credit card they have on file for you.

It sounded like you had allready tried re-installing extension from CPanel, which is why I suggested you write to support.  The Help Desk would probably want you to try doing it yourself first. Most of the time, re-installing them yourself will fix it, occasionaly....it doesn't.

I did some experiments last week that might shed some additional light on the FrontPage Extensions (FPE) .htaccess issue.

(1)

The first question was, "Is there a security feature of FPE that checks whether .htaccess has been edited and then freezes the site if it has?" That is, does FPE use any tampering detection methods on .htaccess such as checksum verification, timestamp checking, or a hidden or encrypted shadow file that must always match? The answer to all is no, apparently not.

I was able to:

a) Edit my htaccess file from cpanel File Manager, inserting carriage returns or whitespace,

b) Copy the text from htaccess, paste it into Notepad, change LF line ends to CRLF, insert blank lines, paste it back into the server copy, and save it.

c) Add code (the security setting code for suPHP_ConfigPath) at the end of .htaccess

d) After intentionally corrupting my FPEs (by inserting mod_rewrite code), I was able to take the text from my previously known good .htaccess file, paste it back into .htaccess, and restore full FrontPage access to my site, i.e. uncorrupt the FPEs. 

None of these actions corrupted the FPEs, so my conclusion is that it is only the actions and settings specified in the .htaccess file's content that corrupts the FPE. It is not the act of tampering with the file itself.

One nice benefit of this is that if you use Rick_E's file-swapping method described above, you don't have to physically copy files in cpanel File Manager or FTP. You can simply keep multiple htaccess files on your own computer, and copy and paste the text from the one you want to use directly into htaccess on your server, and save it.

(2)

The second question was, is there any way to modify your server's configuration such that you can publish with FrontPage, use the FrontPage Extensions, and still have full use of your server's htaccess file, including such features as mod_rewrite? The answer appears to be yes.

Using cpanel > File Manager, navigate to each of the following three files and edit each using the Edit File link in the upper right corner of the screen. If you decide not to save the file, just close the browser window; the file is not saved unless you click the Save button.

/public_html/_vti_bin/.htaccess
/public_html/_vti_bin/_vti_adm/.htaccess
/public_html/_vti_bin/_vti_aut/.htaccess

At the TOP of each file there is an Options None line. Don't delete or modify it. It gives this folder a secure starting point by turning OFF any less-secure options that are enabled in folders above it.

The only edit you make is: at the very BOTTOM of each file add the following line:

Then Save the file.

You do not have to make any modifications to the top-level .htaccess file in your public_html folder.

If for some reason you must ever reinstall your FPE, then you must reapply these mods afterwards.



If you want to research this further, this MSN search found relevant articles: http://search.msn.com/results.aspx?q=frontpage+htaccess+vti_bin+vti_aut+vti_adm+%28FollowSymlinks+OR+SymLinksIfOwnerMatch%29&FORM=QBHP. Google and Yahoo searches for this turn up nothing.

Most (or all?) of those articles recommend using the following line instead of the one I gave:


I chose not to use that because from browsing through the Apache documentation, it appears to be less secure. SymLinksIfOwnerMatch seems to do the same thing, but applies some additional tests. It may create some additional server overhead, but only when this folder is being accessed, which is when you are publishing, which is not that often.

I can't say I understood well the differences between FollowSymLinks and SymLinksIfOwnerMatch. If you are the only person who publishes to your site, then I suspect SymLinksIfOwnerMatch will work for you, as it does for me. But if there are multiple people who publish to your site, using different user names, and if the use of SymLinksIfOwnerMatch appears to freeze them out, then FollowSymLinks is probably the next thing to try.

Some other points:

The above modifications have allowed me to use mod_rewrite (RewriteEngine, RewriteCond, RewriteRule) in my htaccess file without corrupting the FPEs. I'm hopeful that it might also allow using other cpanel features such as Hotlink Protection, IP Deny, etc., but I haven't tested any of those. If you want to experiment with those, I would suggest saving the text from your known-good htaccess file before you start (so you can paste it back in if the experiment fails), use cpanel to apply Hotlink Protection (or whichever cpanel feature you are testing), and then open public_html/.htaccess manually, locate the code that cpanel inserted into it, and move it down to the end of the file so it is out of the way of FrontPage's code, just as a precaution.

If you test this mod with other cpanel features, please post the results here, whether positive or negative.

When you copy your server's .htaccess file lines for external use, you must do it using cpanel File Manager's Edit File mode. When you use its Show File mode, critical tags that are in the file don't show, and the lines you copy, missing those tags, will be useless.

Tink *~*~*, it looks like your best solution for the time being would be Rick_E's file swapping method.

Immediately after you have reinstalled your FPE's from scratch (but before you apply any cpanel options like Hotlink Protection), use cpanel > File Manager to go to your public_html/.htaccess file, go into Edit mode, copy all of its lines, (then close the browser window; the file won't be saved) and save the copied lines into a Notepad file on your local computer. This is your basic htaccess file. It is known-good, and if you subsequently corrupt your FPE's again, you should be able to place this text into htaccess on your server, and restore your FrontPage access.

After you have installed Hotlink Protection from cpanel, follow the same procedure as above, but save these text lines to a different file. This is your "but I can't publish from FrontPage!" htaccess file. It has Hotlink Protection lines in it that corrupt your FPE's.

Use this second file when your site is in normal operation.

When you want to publish with FrontPage, paste the text from your known-good htaccess file into htaccess on your server first. Then publish.  Then put your second file back in place.

I guess it sounds complicated until you've done it a couple of times, but it's a lot easier than reinstalling the FPE's all the time.