By Garnet R. Chaney
This page is mentioned in my searches at Fun with .htaccess files.
The .htaccess file is a very powerful configuration tool for users of the Apache web server. Here are some quick tips and tricks about how an .HTACCESS file can be placed in the various
directories of your web server t[*]provide specific handling of various Apache web server options for that directory.
Apache Configuration
- Apache web servers have tw
- main places for configuration information:
- httpd Config files (typically located somewhere like /etc/httpd/)
- Per-directory .htaccess files
- Usually only the administrators of a server have access t
- the httpd config files. Individual users are able t
- place .htaccess files in their individual directories in order t
- override
the options in the httpd config files. - .htaccess files are reread upon every hit within that directory. In fact, the web server will look for these .htaccess files on every access t
- the web server.
What can web hosting users d[*]with .htaccess?
- Specify custom error documents
- Add special document handlers and MIME types
- Set environment variables
- Redirect URLs from one t
- another
- Rewrite one URL int
- another
- Restrict documents t
- specific people
- .htaccess Format
- The dot in .htaccess makes it a 'hidden' Unix file. It is not listed in a normal directory listing. If default directory indexes are enabled on the web server, this file will be hidden in
those lists als - .
- It is a plain ASCII text file. It should be editted with an ASCII text editor like notepad.
- Comments are marked with a hash (#) at the start of the line.
# this is a commented-out line
[*]It needs t[*]be readable by the server ('world' readable), which can be a security problem.
Custom Error Documents
[*]Some sites establish site wide 404 error pages. For example:
There is a [ur=http://www.characterology.com/thisdocumentshouldnotexist.htmll]Characterology Default 404 error page[/url].
[*]404 handlers can be created by every web hosting user. They can even be put in every indivdual directory. For example:
Psychology Department's Error Page
[*]Usage:
- Code: Select all
ErrorDocument 404 errors/404.html
Note: It's probably better t[*]start with a leading / s[*]that this directive has a complete path specification t[*]make sure that the 404 handler page can always be found.
[*]You can als[*]have error documents created by CGI:
- Code: Select all
ErrorDocument 404 /psych/cgi-bin/error/error?404
[*]An example of the power of customized error documents is for telling people why their authentication failed
Enabling server-side includes
[*]Server-side includes are macros within HTML expanded on the fly
[*]Dynamically
[*]Conditionally
[*]Usage:
- Code: Select all
AddType text/html .shtml
AddHandler server-parsed .shtml
[*]See Apache's Handler Use and [url=http://mirror.aarnet.edu.au/apache/docs/mod/mod_include.html]mod_include
documentation[/url] for more information.
[*]ITS has documentation on Server Side Includes at Monash
Modifying the Environment
[*]Environment variables contain information used by server-side includes and CGI.
[*]For instance, an SSI statement:
- Code: Select all
<--#ech[*]SITE_WEBMASTER -->
[*]Setting, unsetting:
- Code: Select all
SetEnv SITE_WEBMASTER "Jack Sprat"
SetEnv SITE_WEBMASTER_URI mailt[*]:Jack.Sprat@characterology.com
UnSetEnv REMOTE_ADDR
Adding new MIME types
[*]The type of file depends on the filename extension.
[*]Unrecognized file extensions are treated as text data, and corrupted on download.
[*]Examples:
- Code: Select all
AddType application/x-endnote-connection enz
AddType application/x-endnote-filter enf
AddType application/x-spss-savefile sav
Restricting documents
[*].htaccess files provide a number of different ways t[*]restrict documents:
[*]by accessor host address
[*]by browser type
[*]by accessor HTTP Basic credentials
[*]by phase of moon...
[*]Characterology campus-only access:
order deny,allow
deny from all
allow from 130.194 characterology.com
Authcate Restricted Documents
[*]Characterology Authcate credentials:
- Code: Select all
order deny,allow
deny from all
AuthType Basic
AuthName "Characterology Directory Service"
AuthLDAP on
AuthLDAPServer ldap://directory.characterology.com/
AuthLDAPBase "[*]=Characterology University, c=au"
require valid-user
[*]It is possible t[*]restrict wh[*]can access it even further
[*]Staff only
[*]Students only
[*]By Subject enrolment
[*]Specific individuals
[*]See the ITS documentation on MDS HTTP Authentication
[*]For restricting access s[*]that non-Monash people can access it, consider AuthUserFile.
Protecting a single file
[*]Normally .htaccess applies t[*]the entire directory
[*]With the
<Files>
directive you can restrict it t[*]specific files:
- Code: Select all
<Files quiz.html> order deny,allow
deny from all
AuthType Basic
AuthName "Characterology Student Authcate"
AuthLDAP on
AuthLDAPServer ldap://directory.characterology.com/
AuthLDAPBase "ou=Student, [*]=Characterology University, c=au"
require valid-user
satisfy any </Files>
[*]Another example - protecting the .htaccess file itself:
- Code: Select all
<Files .htaccess> order deny,allow
deny from all </Files>
*
<FilesMatch>
does the same except using a regular expression wildcard.
Redirecting the client
[*]The server can be instructed t[*]send a redirection back t[*]the client whenever a particular URL is requested
[*]Several different types of redirection:
[*]permanent - the resource has moved permanently
[*]temp - it has temporarily moved elsewhere
[*]seeother - the resource has been replaced
[*]gone - it has been permanently removed
[*]Usage:
- Code: Select all
Redirect permanent /psych/subject/timetable http://www.characterology.com/psych/subject/ttable
Redirect gone /psych/subject/1998
Redirect seeother /psych/subject/1999/ /psych/subject/2000/
[*]The redirection applies t[*]all documents under that URI path (eg., /psych/subject/1999/psy1011/books.html will be redirected t[*]/psych/subject/2000/psy1011/books.html).
[*]See the Apache documentation on the Redirect statement for detailed information.
Rewriting the URL
[*]Unlike Redirect, the client is unaware of any server-side rewriting of the URL.
[*]Rewrite rules are applied repeatedly t[*]the URL t[*]change it int[*]another URL.
[*]Example:
- Code: Select all
RewriteEngine on
RewriteBase /psych
RewriteRule test/printenv(.*) cgi-bin/printenv$1
[*]The bracket-dot-star-bracket has special meaning: it is a regular expression
Aside: Regular Expressions
[*]Patterns ("wildcards") are matched against a string
[*]Normal alphanumeric characters are treated as normal
[*]Special characters:
[*]. (full stop) - match any character
[*][*](asterix) - match zer[*]or more of the previous symbol
[*]+ (plus) - match one or more of the previous symbol
[*]? (question) - match zer[*]or one of the previous symbol
[*]\? (backslash-something) - match special characters
[*]^ (caret) - match the start of a string
[*]$ (dollar) - match the end of a string
[*][set] - match any one of the symbols inside the square braces.
[*](pattern) - grouping, remember what the pattern matched as a special variable
[*]Examples:
[*]a+ matches "a", "aaaa", "aaaaaaaaaaaa", but not "bbb"
[*][ab]+ matches, "a", "b", or any length combination of the tw[*][*]\.s?html? matches ".htm", ".shtm", ".html" or ".shtml"
[*](.+)/1999/(.+) matches "subject/1999/psy1011/", and als[*]stores "subject" in $1 and "psy1011/" in $2.
[*]Regular expressions are very extensive.
[*]Documentation on silas: man regex
[*]Friedl (1997). Mastering Regular Expressions. [*]'Reilly.
More Rewrite voodo[*]
[*]Rewrites can be conditional, for example, rewrite only if the file could not be found:
- Code: Select all
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.+)errata\.html?$ cgi-bin/errata/errata-html/$1
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule images/barcode/(.*).gif cgi-bin/barcode/mkgif?$1
[*]RewriteCond is very powerful. You can test on environment variable values:
- Code: Select all
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*
RewriteRule ^/$ /homepage.max.html [L]
RewriteCond %{HTTP_USER_AGENT} ^Lynx.*
RewriteRule ^/$ /homepage.min.html [L]
RewriteRule ^/$ /homepage.std.html [L]
[*]Full information on RewriteCond can be found within the Apache documentation on mod_rewrite
[*]The Apache URL Rewriting Guide is strongly recommended. Typical problems are presented along with their solution.
Want More Inf[*]About Apache Directives?
[*]Consult the Apache Directives Documentation.
Source: Liberal borrowing from http://www.its.monash.edu.au/web/slides ... ss/all.htm
Fun with .htaccess files
.HTACCESS files useful tips and tricks