.htaccess (Hypertext Access) is the default name of Apache's directory-level
configuration file. It allows webmasters to customize configuration
directives that are normally set in the main httpd.conf.
htaccess lets webmasters customize a webserver's behaviour in a directory
in many ways, including password protecting it, denying access, setting
error handlers, redirects and a lot more. htaccess is particularly
useful when you don't have root access to the server, for example
in virtual Web hosting and at ISPs.
Before making any of these configurations, however, the following
points need to be kept in mind.
- Your webserver administrator should allow you to make these changes
by using "AllowOverride All" in the main configuration file (httpd.conf).
- You need to make sure that you are not using Microsoft FrontPage on
your website. FrontPage uses htaccess for its own directives. Changing
the .htaccess files to insert new directives will break your
website.
- Test, Test, Test. Test new htaccess configurations on an empty directory
before making them LIVE.
A .htaccess file controls the directory it is in, plus all subdirectories.
However, by placing additional .htaccess files in the subdirectories,
this can be overruled. Therefore, if you have an .htaccess file in
a subdirectory and another one in a parent directory, the one in the
subdirectory will be followed.
Error handlers are set up so that custom pages can be displayed to
users, should they encounter an error on your website. For example,
if they encounter a "Not found" 404 error, they can be
directed to a good-looking page rather than the boring default
error page.
To achieve this, simply put this little snippet in your .htaccess
file.
ErrorDocument 400 /errors/400.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
You can name the pages anything you want, provided they are linked correctly
in the .htaccess file.
The most common error pages are:
404 - Page not found error
400 - Bad Request
403 - Forbidden error
500 - Internal server error
Password protecting a web directory can be achieved by putting this
little snippet in your .htaccess file in the directory you want to
protect.
AuthType Basic
AuthName "Password Required"
AuthUserFile /www/passwords/.htpasswd
# Without a Require line Apache never prompts for the password
Require valid-user
In order for the password protection to work, you should create a .htpasswd
file. You can create it by doing these steps.
[root@localhost ~]# cd /www/passwords
[root@localhost passwords]# htpasswd -c .htpasswd username
New password:
Re-type new password:
Adding password for user username
[root@localhost passwords]# cat .htpasswd
username:wLU7nnYVpdXO2
[root@localhost passwords]#
In order for this to work, your Web administrator should have allowed
"AllowOverride AuthConfig" in the server-wide httpd.conf.
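The entry printed by cat above is a 13-character traditional crypt() hash, which uses only the first 8 characters of the password. The following check is an added example, not part of the original article: it classifies each line of a password file by hash format so weak entries can be found and regenerated. The function names and every sample entry other than the first are constructed for illustration.

```python
import re

# htpasswd hash formats, recognised by prefix or shape, with a rating.
SCHEMES = [
    ("bcrypt",   re.compile(r"^\$2[aby]\$\d\d\$"),   "preferred"),
    ("apr1-md5", re.compile(r"^\$apr1\$"),           "legacy"),
    ("sha1",     re.compile(r"^\{SHA\}"),            "insecure"),  # unsalted
    ("crypt",    re.compile(r"^[./0-9A-Za-z]{13}$"), "insecure"),  # 8-char limit
]

def classify(hash_field):
    """Return (scheme, rating) for the part after 'user:'."""
    for name, pattern, rating in SCHEMES:
        if pattern.search(hash_field):
            return name, rating
    return "unknown", "review"

def audit(text):
    """Return (line_no, user, scheme, rating) for each entry."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, hash_field = line.partition(":")
        if not sep:
            findings.append((line_no, user, "malformed", "review"))
        else:
            findings.append((line_no, user, *classify(hash_field)))
    return findings

# First entry is the one shown above; the others are constructed placeholders.
SAMPLE = """\
username:wLU7nnYVpdXO2
alice:$2y$10$CONSTRUCTED.PLACEHOLDER.NOT.A.REAL.HASH
bob:{SHA}CONSTRUCTEDPLACEHOLDER=
carol:$apr1$CONSTRUC$PLACEHOLDER
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Entries rated insecure can be re-created with bcrypt by running htpasswd with the -B option.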
You can deny users based on IP or IP block by putting in this snippet
in your .htaccess.
order allow,deny
deny from 98.654.321.12
deny from 98.654.322.
allow from all
The second line specifically denies one IP, 98.654.321.12. The third
line denies all the IPs starting with 98.654.322. This is particularly
useful if you have seen strange activity on your website by unknown
IPs in your access logs.
Some webmasters use this feature to deny whole ISPs or datacenters
access, especially if they find credit card fraud or increased attempts
from poorly secured servers.
You can also deny by domain name. For example, "deny from .madguy.com"
denies all users from www.madguy.com or abc.madguy.com.
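How the Order line decides the outcome is easy to get wrong: with "order deny,allow" the same deny and allow lines would block nobody, because "allow from all" is evaluated last. The evaluator below is an added example, not part of the original article, that models the IP-based rules only (domain names such as .madguy.com are not handled). The function names are hypothetical and the addresses are constructed from documentation ranges.

```python
import ipaddress

def _net(spec):
    """Turn an Allow/Deny spec into a network, or None for 'all'.
    A partial address means whole leading octets, so '10.1' covers
    10.1.0.0/16 and never 10.10.x.x."""
    if spec.lower() == "all":
        return None
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = [o for o in spec.split(".") if o]
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def _matches(specs, ip):
    addr = ipaddress.ip_address(ip)
    for spec in specs:
        net = _net(spec)
        if net is None or addr in net:
            return True
    return False

def access(order, allow, deny, ip):
    """Return True if the client is let in under the given Order."""
    allowed, denied = _matches(allow, ip), _matches(deny, ip)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":   # Deny has the last word; default is deny
        return allowed and not denied
    if order == "deny,allow":   # Allow has the last word; default is allow
        return allowed or not denied
    raise ValueError(f"unsupported Order: {order}")

# Constructed rules shaped like the snippet above (one host, one prefix).
DENY = ["203.0.113.12", "198.51.100."]
ALLOW = ["all"]

if __name__ == "__main__":
    for ip in ("203.0.113.12", "198.51.100.77", "192.0.2.10"):
        print(ip, access("allow,deny", ALLOW, DENY, ip),
              access("deny,allow", ALLOW, DENY, ip))
```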
Assume you are using index.php instead of index.html as your main
home page. But the webserver is configured to access index.html first.
All you need to do is to add this to your .htaccess.
DirectoryIndex index.php index.html
This makes the php file the default file. In case the php file is
not around, it will look for the index.html file.
The good thing about htaccess is that you can use it to control the
php variables as well. PHP's behaviour is controlled to a large extent
by the /etc/php.ini file. In a server shared by many websites, it
may not be possible to change the php.ini file for everyone's special
needs. That's where the .htaccess file comes in.
For example, if you want to turn register_globals off, simply
put this in the .htaccess file:
php_flag register_globals Off
In this way, you can override any php.ini variable, by putting such
entries in the .htaccess file. Of course, this works only if it is
allowed by the administrator.
Webmasters use redirects during maintenance (to redirect from index.html
to tempmessage.html) or to redirect from an old file to a new file.
In order to redirect from http://yoursite.com/old/file.html to http://yoursite.com/new/file.html,
simply put this line in your .htaccess file.
Redirect /old/file.html http://yoursite.com/new/file.html
The /old path is relative to the root of your website, i.e., at http://yoursite.com/old.
In order to allow SSI (Server Side Includes) in one directory, simply
include this snippet in the .htaccess file in that directory.
Options +Includes
AddType text/html shtml
AddHandler server-parsed shtml
About the author: Sangeetha Naik heads Bobcares.com. She is the co-founder of Poornam Info Vision Ltd., Software and IT services company specializing in Linux based solutions for Webhosts and ISPs. Poornam Info Vision is an ISO 9001:2000 certified company with a team of over 140 engineers.
Sangeetha is a Computer Engineer based in India and has over 7 years of experience in the Hosting industry. Her articles have been published both online as well as in print.