Dismiss Notice
Welcome to Our Community
Wanting to join the rest of our members? Feel free to sign up today.

.htaccess Files

Discussion in 'General Webmaster Helpdesk' started by ovi, Jun 24, 2005.

  1. ovi

    ovi Guest

    Access Configuration or .htaccess files can be used to change various directives for a directory and any directories beneath it.

    Each Apache server has a global access configuration file which can set the defaults for all directories. It can also limit or completely forbid .htaccess files. If you administer your own server, great. Otherwise, you may need to check with the admin to see if any limitations are in place. We're not going to deal with this type of configuration, just with .htaccess.

    The .htaccess file itself is a text file, which you place in the directory you want it to affect. So, if you want it in force for your whole site, put it in your main web directory. It will affect all directories beneath it as well. You can place another .htaccess file in a specific directory and any directives you specify there will over-ride the ones higher up in the directory tree.

    MIME Types

    You can map MIME Types to extensions, adding to or overriding the default:

    AddType image/gif fred
    AddType text/html fish

    So, any file with the extension .fred will be parsed as a gif.

    NOTE: This won't work for all browsers. And IE5 will usually display the image as a gif regardless of the extension, since it tries be helpful.

    On Apache 1.3.13 and later, you can also use RemoveType to undo associations made in .htaccess files higher up. (I can't demonstrate this as I'm on a server that uses an earlier version.)

    RemoveType blue

    You can do other, more complex mods as well. More on MIME Type Modifications:

    You can also set the DefaultType. Normally, you wouldn't want to do this. But if you had a whole directory of images, for example, and didn't want to name them .gif, you could say:

    DefaultType image/gif

    The usual default is text/html and does not need to be specified.


    If you're rearranging your site or if someone published an incorrect URL, you can use .htaccess to painlessly redirect the user to the correct page. (This might not work in every single browser.) The syntax is:

    redirect accessed-file URL-to-go-to

    redirect /weav/htaccess/redirect.html http://www.yourdomain.com/weav/

    Error Handling

    You spend a lot of time giving your web sites a consistent look and feel. Everything is all wonderful, beautiful, branded, and sleek. But then somebody clicks on a broken link (on someone else's site -- I know your links always work) and they get the dreaded File Not Found page. And it's ugly and says nothing about your site or your company. So they go away.

    But all is not lost -- you can use an .htaccess file to give your error docs the same look and feel as the rest of your site.

    You can specify a URL instead of a path:

    ErrorDocument 404 http://www.yahoo.com

    You can use more than one response for an error, to send a message to the user and also to try to analyse the problem, for example:

    ErrorDocument 500 "Sorry, but the server is not feeling well
    ErrorDocument 500 /cgi-bin/crash-recover

    This would display the message to the user and also run the script.

    Restricting Access

    Sometimes you might want to restrict access to all or part of your site. Maybe you have one area devoted to administration or maybe the site is only intended for a certain group of people. Or maybe you're trying to block a specific group of people.

    You can allow or deny access based on domain/IP. To deny anyone from a certain domain, use:

    deny from .aol.com

    You could also use an IP or range of IPs:

    deny from 24.64.

    This would deny anyone whose IP started with 24.64.

    Often, you'll want to deny everyone and then allow certain people.

    order deny,allow
    deny from all
    allow from
    allow from .islandnet.com

    The first line indicates in which order the directives should be processed. You'll most likely want to use domain names rather than IPs unless you're in a situation where the IPs are static.

    You can also use a sectioning directive called Limit to specify which connection methods this applies to.

    <Limit GET get POST post>
    order deny,allow
    deny from all
    allow from
    allow from .islandnet.com

    Here, the limits only apply to pages and scripts called through GET and POST. Normally, a browser will issue a GET in the header. These are listed twice because they are case-sensitive and some browsers do it one way, some another. You could, if you liked, simply restrict POST so that all users could view pages but only certain ones could use forms.

    You can also use usernames and passwords to restrict access. Here's the syntax:

    authtype Basic
    authname WEAV
    authuserfile /home/k/kfriesen/pass
    require valid-user

    authtype is the type of password authentication. Basic is the standard one. Your server might support another type, like Kerberos, but it's not that usual.

    authname is the name of the realm for which the username and password are valid. The name is presented on the login form. As well, it's saved for the current session. You could use this to allow access to two separate but not nested directories without having to prompt the user a second time for the information.

    authuserfile is where the password file resides. (More on creating the password file below.) Note that this should NOT be in your www directory. If you don't know the pathname to your files, you can ask your admin or derive it from PHP's global variable $DOCUMENT_ROOT.

    require valid-user will allow any authenticated user in. But if you want to use the same password file for many directories, you can specify users or groups here:

    require user karen rod fred

    To use group files, you need two extra lines:

    authgroupfile /home/k/kfriesen/mygroups
    require group weav

    The group file is a text file containing one or more lines. Each line contains the name of a group and the users:

    weav: karen rod fred

    So, instead of having to specify the three users, we can specify the group weav.

    Creating the Password File

    If you have shell access to your server and htpasswd is installed (you might need to check with your admin about this), you can create the file by telneting to the server and then typing:

    htpasswd -c myusers karen

    Adding password for karen.
    New password: happydogs
    Re-type new password: happydogs

    myusers is the name of the password file. To add users once the file is created, simply omit -c.

    htpasswd myusers rod

    If you don't have access to htpasswd, then you can use PHP's crypt() function to create the passwords for the file. The passwords are encrypted using standard DES encryption. The first two characters of the hash will be the salt. The password file should look like this:


    IMPORTANT NOTE: Even when you're using hashed passwords, the information is not encrypted until it reaches the server. So, use a secure connection if possible. (You might be able to write a javascript that would encrypt the info client side as well.

    If you are using both require and allow to restrict access, you need one more line:

    satisfy any


    satisfy all

    If any, satisfying either allow or require is enough. If all, both are required.

    I hope that you will find this information utile for you, I have find utile when once I need htaccess and our coder was not available. It's a greate tool.

  2. lala

    lala New Member Webmaster

    Thank you Ovi. This is great stuff!

  3. UK WW ex member

    UK WW ex member New Member Webmaster

    Found the post just on time . recently needed to do some url rewriting:)

    thanks a lot
  4. mariuskl

    mariuskl Guest

    Some wonderfull stuff for those who want to create a directory

    Thanks for sharing :)
  5. Mxhub

    Mxhub New Member Webmaster

    Another way of doing redirection is using 301, which is much recommend.

    Options +FollowSymLinks
    RewriteEngine on
    RewriteRule (.*) http://www.newdomain.com/$1 [R=301,L]
  6. Nonactiveuser8999

    Nonactiveuser8999 New Member Webmaster

    Great article over there :)

    Thanks for the great tips

Featured Resources (View All)

Share This Page