FREE THOUGHT · FREE SOFTWARE · FREE WORLD

Home  »  Htaccess  »  .htaccess – Wikipedia

by 1 comment

.htaccess (Hypertext Access) is the default name of Apache'sdirectory-level configuration file. It provides the ability to customize configuration directives defined in the main configuration file. The configuration directives need to be in .htaccesscontext and the user needs appropriate permissions.


Statements such as the following can be used to configure a server to send out customized documents in response to client errors such as "404: Not Found" or server errors such as "503: Service Unavailable" (see List of HTTP status codes):
ErrorDocument 404 /error-pages/not-found.html
ErrorDocument 503 /error-pages/service-unavailable.html
When setting up custom error pages, it is important to remember that these pages may be accessed from various different URLs, so the links in these error documents (including those to images, stylesheets and other documents) must be specified using URLs that are either absolute (e.g., starting with "http://") or relative to the document root (starting with "/"). Also, the error page for "403: Forbidden" errors must be placed in a directory that is accessible to users who are denied access to other parts of the site. This is typically done by making the directory containing the error pages accessible to everyone by creating another .htaccess file in the /error-pages directory containing these lines:
Order allow,deny
Allow from all

Contents

[hide]

Password protection

Make the user enter a name and password before viewing a directory.
AuthUserFile /web/newuser/www/stash/.htpasswd
AuthGroupFile /dev/null
AuthName "Protected Directory"
AuthType Basic

require user newuser

The same behavior can be applied to specific files inside a directory.

AuthUserFile /web/newuser/www/stash/.htpasswd
AuthName "Protected File"
AuthType Basic
Require valid-user

Now run this command to create a new password for the user 'newuser'.
htpasswd /web/newuser/www/stash/.htpasswd newuser

Password unprotection

Unprotect a directory inside an otherwise protected structure:
Satisfy any

Extra secure method to force a domain to only use SSL and fix double login problem

If you really want to be sure that your server is only serving documents over an encrypted SSL channel (you wouldn't want visitors to submit a htaccess password prompt on an unencrypted connection) then you need to use the SSLRequireSSL directive with the +StrictRequire Option turned on.
SSLOptions +StrictRequire
 SSLRequireSSL
 SSLRequire %{HTTP_HOST} eq "site.com" #or www.site.com
 ErrorDocument 403 https://site.com
An interesting thing when using the mod_ssl instead of mod_rewrite to force SSL is that apache give mod_ssl priority ABOVE mod_rewrite so it will always require SSL. (may be able to get around first method using http://site.com:443 or https://site.com:80)
  • An in-depth article about what this is doing can be found in the SSL Forum

Enable SSI

AddType text/html .shtml
AddHandler server-parsed .shtml
Options Indexes FollowSymLinks Includes

Deny users by IP address

Order allow,deny
Deny from 123.45.67.8
Deny from 123.123.7
Allow from all
This would ban anyone with an IP address of 123.45.67.8 and would also ban anyone with an IP address starting in 123.123.7: for example, 123.123.74.42 would not gain access.

Change the default directory page

DirectoryIndex homepage.html
Here, anyone visiting http://www.example.com/ would see the homepage.html page, rather than the default index.html.

Redirects

Redirect page1.html page2.html
If someone were to visit http://www.example.com/page1.html, he would be sent (with an HTTP status code of 302) to http://www.example.com/page2.html

Prevent hotlinking of images

The following .htaccess rules use mod rewrite.

From specific domains

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://([^/]+.)?baddomain1.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://([^/]+.)?baddomain2.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://([^/]+.)?baddomain3.com [NC]
RewriteRule .(gif|jpg)$ http://www.example.com/hotlink.gif [R,L]

Except from specific domains

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?example.com/.*$ [NC]
RewriteRule .(gif|jpg)$ http://www.example.com/hotlink.gif [R,L]
Unless the image is displayed on example.com, browers would see the image hotlink.gif.
Note: Hotlink protection using .htaccess relies on the client sending the correct "Referer" value in the http GET request. Programs such as Windows Media Player send a blank referrer, so that attempts to use .htaccess to protect movie files for example are ineffective.

Standardise web address to require www with SEO-friendly 301 Redirect

If an address without the "www." prefix is entered, this will redirect to the page with the "www." prefix.
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !^$       #check that HTTP_HOST field is present
RewriteCond %{HTTP_HOST} !^www.sitename.com$ [NC] #case-insensitive
RewriteRule ^(.*)$ http://www.sitename.com/$1 [R=301,L] #301 Redirect, very efficient
See the Ultimate htaccess File for more examples..

Directory rules

A .htaccess file controls the directory it is in, plus all subdirectories. However, by placing additional .htaccess files in the subdirectories, this can be overruled.

User permissions

The user permissions for .htaccess are controlled on server level with the AllowOverride directive which is documented in the Apache Server Documentation.

Other uses

Some web developers have modified .htaccess to perform custom tasks server-side before serving content to the browser. Developer Shaun Inman shows it is possible to edit .htaccess to allow for Server Side Constants within CSS.

See also

External links

Tags

January 3rd, 2007

Comments Welcome

  • Birendra Singh

    Hi,

    In my website some urls are in upper case and some are in lower case. The upper case urls are not working, the website is hosted in Apache server on linux machine.
    Can some one suggest me the required code to be added in .htaccess file.

    Thanks


Related Articles


My Online Tools
Popular Articles


Hacking and Hackers

The use of "hacker" to mean "security breaker" is a confusion on the part of the mass media. We hackers refuse to recognize that meaning, and continue using the word to mean someone who loves to program, someone who enjoys playful cleverness, or the combination of the two. See my article, On Hacking.
-- Richard M. Stallman









[hide]

It's very simple - you read the protocol and write the code. -Bill Joy

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. NCSA HTTPd.
UNIX ® is a registered Trademark of The Open Group. POSIX ® is a registered Trademark of The IEEE.

+Askapache | askapache

Site Map | Contact Webmaster | License and Disclaimer | Terms of Service

↑ TOPMain