Practical solutions concerning the use of the .htaccess file
Posted by Support, Last modified by Support on 27 March 2014 08:21 AM
Practical solutions concerning the use of the .htaccess file
Setting a password:
Programs list for managing of the Apache servers
When you type an address in the address bar of your browser, your computer receives files that your browser displays. The web server controls which files and how should be displayed (sent) to you. The two most popular servers are IIS and Apache.
Like any other software, a web server has certain settings. However, as an Apache user, you may have no (and if we talk about virtual hosting, most probably you will have no) rights to change the Apache configuration using its main configuration files that affect all server users. But you can modify some configuration files that affect only your website. One of such files is .htaccess.
It is a flexible Apache web server configuration file. "Flexible" means that as soon as you modify anything in this file, the changes are applied immediately. You can use it to redefine a lot of directives from the file httpd.conf (this file is the main configuration file in Apache and it affects absolutely all users of this Apache copy). In those cases when you have no access to the Apache configuration file (exactly in case of virtual hosting), it is this file that will help you.
A web user cannot access this file using the browser. If the .htaccess file is located in the root directory of the server, it affects the entire server except those directories where other .htaccess files are stored (and except all their subdirectories).
Your directories have the following structure on the server:
The directories 'user1' and 'user2' will be subdirectories for the user directory. If we put the .htaccess file in the 'user' directory, it will automatically affect directories 'user1' and 'user2'.
We save another .htaccess file to the 'data' directory, this file is different from the one stored in the 'user' directory. The .htaccess file located in 'data' will affect the directories 'data1' and 'data2'.
Now we save another .htaccess file that is different from the one stored in the directory 2 levels higher (the 'user' directory) to the 'user2' directory. As a result, the settings of the 'user2' directory will be defined only by the .htaccess file located in this directory.
Since most often Apache is configured in such a way that it always searches each directory for this file, .htaccess will help you quickly reconfigure the server without stopping it.
Here is the required syntax. If you do not observe it, it will result in server errors.
paths to files (directories) are specified from the server root. Example (replace userXXXX with your FTP username):
domains with protocols specified. Example:
The file name is exactly "dot" htaccess. It must be in the UNIX format (ASCII mode).
How to forbid visitors to read files from a directory?
In this case, <your_IP> stands for a specific address. For example:
Using <your_IP> is similar to the example above.
Defines access to a file by its extension. For example, forbidding web visitors to access files with the "inc" extension:
In this example the Apache server can access files with this extension.
You can forbid a particular file using its name and extension.
This example forbids the file config.inc.php to be accessed.
Setting a password
For example, we create the following .htaccess file in the protected directory:
In this example, the user requesting this directory will read the message "For Registered Users Only", the file with passwords for access must be stored in the directory /pub/site.com/ and it must be named .htpasswd . The directory is specified from the server root. If you specify the directory incorrectly, Apache will not be able to read the .htpasswd file and nobody will get access to this directory.
Similar to protecting a whole directory with a password, you can set a password for one file only. An example of setting a password to the file private.zip:
Similarly, you can use
Task: there is a directory named a1 containing two subdirectories (a2, a3), there are two access levels for users. The first group can access only a1 and a2, the second group can access all three directories. You should perform authentication only once - when accessing a1, but observe access rights for Ð°2 and Ð°3.
a1 - common and protected at the same time
The .htaccess file for the directory Ð°1:
The .htaccess file for the directory Ð°2:
The .htaccess file for the directory Ð°3:
How to redirect a visitor?
To redirect a visitor to http://site.com, add the following to .htaccess
For example, redirecting visitors with IP 126.96.36.199 to the page about_my_site.html:
It is already for all network viruses and scanners. Now any request with the address /_vti_bin will be automatically redirected to Microsoft:
To change the page that will be displayed when a visitor access a directory, write:
It is possible to specify several pages:
SSI allows you to "assemble" a page using its parts. You have the code of the menu in one part, the code of the header in another part and the footer in a third part. And the visitor sees a usual page consisting of the code stored in your parts.
Add the following to the .htaccess file:
AddType text/html .shtml AddHandler server-parsed .shtml Options Indexes FollowSymLinks Includes
The most interesting and useful Apache errors are 403-404, 500.
403 - the user has not been authenticated, access denied (Forbidden).
For the user to see your own error messages for these error, add the following to .htaccess:
If error 404 occurs, the user receives the file errors/403.html.
It is convenient to create your own handler for some errors. Add the following to .htaccess:
Determine the document that caused error in error.php using $HTTP_SERVER_VARS['REQUEST_URI'] and process it then. If .htaccess contains the file with the full path for ErrorDocument (http://site.com/error.php), $HTTP_SERVER_VARS['REQUEST_URI'] will contain this file instead of the one that caused the error.
Internet Explorer 5.0 incorrectly processes the error file if it is smaller than 1 kilobyte. It opens the standard IE 404 page.
Suppose all graphics used on your site is stored in the 'img' directory. A visitor can type the address of this directory in his browser and see the list of all your image files. Of course, it will not cause any damage, but you might forbid the visitor to view this directory as well. Add the following to .htaccess:
When the Internet only came to existence and first browsers appeared, it often happened that the browser could not automatically determine which of the Russian encodings a document was written in and the browser displayed a complete mess. To avoid it, specify that all pages will be encoded in Windows-1251:
When a visitor uploads a file to the server, it is possible to recode it. To do it, specify that all uploaded files will be encoded in Windows-1251:
There is an error in its syntax or the file is saved in the wrong format. See this question.