http://en.wikipedia.org/wiki/.htaccess#External_links
.htaccess
From Wikipedia, the free encyclopedia
Jump to: navigation, search
.htaccess (Hypertext Access) is the default name of Apache's directory-level configuration file. It provides the ability to customize configuration directives defined in the main configuration file. The configuration directives need to be in .htaccess context and the user needs appropriate permissions.
Statements such as the following can be used to configure a server to send out customized documents in response to client errors such as "404: Not Found" or server errors such as "503: Service Unavailable" (see List of HTTP status codes):
ErrorDocument 404 /error-pages/not-found.html
ErrorDocument 503 /error-pages/service-unavailable.html
When setting up custom error pages, it is important to remember that these pages may be accessed from various different URLs, so the links in these error documents (including those to images, stylesheets and other documents) must be specified using URLs that are either absolute (e.g., starting with "http://") or relative to the document root (starting with "/"). Also, the error page for "403: Forbidden" errors must be placed in a directory that is accessible to users who are denied access to other parts of the site. This is typically done by making the directory containing the error pages accessible to everyone by creating another .htaccess file in the /error-pages directory containing these lines:
Order allow,deny
Allow from all
Contents
[hide]
* 1 Password protection
o 1.1 Password unprotection
* 2 Enable SSI
* 3 Deny users by IP address
* 4 Change the default directory page
* 5 Redirects
* 6 Prevent hotlinking of images
o 6.1 From specific domains
o 6.2 Except from specific domains
o 6.3 Standardise web address
* 7 Directory rules
* 8 User permissions
* 9 Other uses
* 10 See also
* 11 External links
[edit] Password protection
Make the user enter a name and password before viewing a directory.
AuthUserFile /home/newuser/www/stash/.htpasswd
AuthGroupFile /dev/null
AuthName "Protected Directory"
AuthType Basic
<Limit GET POST>
require user newuser
</Limit>
The same behavior can be applied to specific files inside a directory.
<Files protected_file.php>
AuthUserFile /home/newuser/www/stash/.htpasswd
AuthName "Protected File"
AuthType Basic
Require valid-user
</Files>
Now run this command to create a new password for the user 'newuser'.
htpasswd /home/newuser/www/stash/.htpasswd newuser
[edit] Password unprotection
Unprotect a directory inside an otherwise protected structure:
Satisfy any
[edit] Enable SSI
AddType text/html .shtml
AddHandler server-parsed .shtml
Options Indexes FollowSymLinks Includes
[edit] Deny users by IP address
Order allow,deny
Deny from 123.45.67.8
Deny from 123.123.7
Allow from all
This would ban anyone with an IP address of 123.45.67.8 and would also ban anyone with an IP address starting in 123.123.7: for example, 123.123.74.42 would not gain access.
[edit] Change the default directory page
DirectoryIndex homepage.html
Here, anyone visiting
http://www.example.com/ would see the homepage.html page, rather than the default index.html.
[edit] Redirects
Redirect page1.html page2.html
If someone were to visit
http://www.example.com/page1.html, he would be sent (with an HTTP status code of 302) to
http://www.example.com/page2.html
[edit] Prevent hotlinking of images
The following .htaccess rules use mod rewrite.
[edit] From specific domains
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://([^/]+\.)?baddomain1\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://([^/]+\.)?baddomain2\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://([^/]+\.)?baddomain3\.com [NC]
RewriteRule \.(gif|jpg)$
http://www.example.com/hotlink.gif [R,L]
[edit] Except from specific domains
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com/.*$ [NC]
RewriteRule \.(gif|jpg)$
http://www.example.com/hotlink.gif [R,L]
Unless the image is displayed on example.com, browers would see the image hotlink.gif.
Note: Hotlink protection using .htaccess relies on the client sending the correct "Referer" value in the http GET request. Programs such as Windows Media Player send a blank referrer, so that attempts to use .htaccess to protect movie files for example are ineffective.
[edit] Standardise web address
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$
http://www.%{HTTP_HOST}/$1 [R=301,L]
If anyone types in your sites address without the 'www' prefix, this will redirect them to the page with the 'www' prefix
[edit] Directory rules
A .htaccess file controls the directory it is in, plus all subdirectories. However, by placing additional .htaccess files in the subdirectories, this can be overruled.
[edit] User permissions
The user permissions for .htaccess are controlled on server level with the AllowOverride directive which is documented in the Apache Server Documentation.
[edit] Other uses
Some web developers have modified .htaccess to perform custom tasks server-side before serving content to the browser. Developer Shaun Inman shows it is possible to edit .htaccess to allow for Server Side Constants within CSS.
Register
Login
