Difference between revisions of ".htaccess"
(→See also) |
(→Standardise web address) |
||
Line 87: | Line 87: | ||
*Permanent address change: suppose your site has permanently moved to a new domain. The following rules apply said changes: | *Permanent address change: suppose your site has permanently moved to a new domain. The following rules apply said changes: | ||
RewriteCond %{HTTP_HOST} ^www.domain.com$ [NC] | RewriteCond %{HTTP_HOST} ^www.domain.com$ [NC] | ||
− | RewriteRule ^(.*)$ http://www.domain2.com/$1 [R=301, L] | + | RewriteRule ^(.*)$ <nowiki>http://www.domain2.com/$1</nowiki> [R=301, L] |
Here "<code>[NC]</code>" means case insensitive and its called "<code>RewriteCond</code> Flags". <code>[R=301]</code> means "moved permanently". It is called a redirection header code. | Here "<code>[NC]</code>" means case insensitive and its called "<code>RewriteCond</code> Flags". <code>[R=301]</code> means "moved permanently". It is called a redirection header code. |
Revision as of 21:37, 15 April 2015
.htaccess
(Hypertext Access) is the default name of Apache's directory-level configuration file. It provides the ability to customize configuration directives defined in the main configuration file. The configuration directives need to be in .htaccess
context and the user needs appropriate permissions.
Contents
- 1 Common usage
- 2 Directory rules
- 3 User permissions
- 4 Other uses
- 5 See also
- 6 External links
Common usage
Custom Error Pages
ErrorDocument 404 my404page.html
- This code can be used to create any custom page. Certain pages are more complicated to modify — if you create a custom 404 Forbidden page, then a viewer will not see the custom page. Here is an example showing a method used to get around this:
ErrorDocument 404 /public/my404page.html
- In this case you would need another
.htaccess
file in/public
, containing these lines:
Order allow,deny Allow from all
Password protection
Make the user enter a name and password before viewing a directory.
AuthUserFile /home/newuser/www/stash/.htpasswd AuthGroupFile /dev/null AuthName "Protected Directory" AuthType Basic <Limit GET POST> require user newuser </Limit>
Now run this command to create a new password for the user 'newuser'.
htpasswd /home/newuser/www/stash/.htpasswd newuser
Password unprotection
Unprotect a directory inside an otherwise protected structure:
Satisfy any
Enable Server Side Includes (SSI)
AddType text/html .shtml AddHandler server-parsed .shtml Options Indexes FollowSymLinks Includes
Deny users by IP address
Order allow,deny Deny from 123.45.67.8 Deny from 123.123.7 Allow from all
- This would ban anyone with an IP address of 123.45.67.8 and would also ban anyone with an IP address starting in 123.123.7: for example, 123.123.74.42 would not gain access.
Change the default directory page
DirectoryIndex homepage.html
- Here, anyone visiting http://www.example.com/ would see the homepage.html page, rather than the default index.html.
Redirects
Redirect page1.html page2.html
- If someone was to visit http://www.example.com/page1.html, they would be sent (with an HTTP status code of 302) to http://www.example.com/page2.html.
Prevent bandwidth theft / hotlinking of images
The following .htaccess
rules use mod rewrite.
From specific domains
RewriteEngine on RewriteCond %{HTTP_REFERER} ^http://([^/]+\.)?baddomain1\.com [NC,OR] RewriteCond %{HTTP_REFERER} ^http://([^/]+\.)?baddomain2\.com [NC,OR] RewriteCond %{HTTP_REFERER} ^http://([^/]+\.)?baddomain3\.com [NC] RewriteRule \.(gif|jpg)$ http://www.example.com/hotlink.gif [R,L]
Except from specific domains
RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com/.*$ [NC] RewriteRule \.(gif|jpg)$ http://www.example.com/hotlink.gif [R,L]
- Unless the image is displayed on example.com, browers would see the image hotlink.gif.
Note: Hotlink protection using .htaccess
relies on the client sending the correct "Referer" value in the http GET request. Programs such as Windows Media Player send a blank referrer, so that attempts to use .htaccess
to protect movie files for example are ineffective.
Standardise web address
RewriteEngine on RewriteCond %{HTTP_HOST} ^example.com$ RewriteRule (.*) http://www.example.com/$1 [R=Permanent]
If anyone types in your sites address without the 'www
' prefix, this will redirect them to the page with the 'www
' prefix
- Permanent address change: suppose your site has permanently moved to a new domain. The following rules apply said changes:
RewriteCond %{HTTP_HOST} ^www.domain.com$ [NC] RewriteRule ^(.*)$ http://www.domain2.com/$1 [R=301, L]
Here "[NC]
" means case insensitive and its called "RewriteCond
Flags". [R=301]
means "moved permanently". It is called a redirection header code.
Dynamic vs. static URLs
Old dynamic URL format:
/index\.php?product=auto&make=bmw&year=2007
New static URL format:
/product/auto/bmw/2007
Mod_rewrite code for use in .htaccess
file:
# Enable mod_rewrite, start rewrite engine Options +FollowSymLinks RewriteEngine on # # Internally rewrite search engine friendly static URL to dynamic filepath and query RewriteRule ^product/([^/]+)/([^/]+)/([^/]+)/?$ /index.php?product=$1&make=$2&year=$3 [L] # # Externally redirect client requests for old dynamic URLs to equivalent new static URLs RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\?product=([^&]+)&make=([^&]+)&year=([^\ ]+)\ HTTP/ RewriteRule ^index\.php$ http://example.com/product/%1/%2/%3? [R=301,L]
Nice looking URLs (no querying) with pagination
Suppose your URL is:
domain.com/article.php?name=title&page=5
And you want to change it to:
domain.com/articles/title/5/
Add the following to your .htaccess
file:
RewriteRule ^articles/(A-Za-z0-9-]+)/([0-9]+)/?$ article.php?name=$1&page=$2 [L]
The rule is defined in the regular expression. The "[L]
" means "Last Rule" and it is called "RewriteRule
Flags".
Directory rules
A .htaccess
file controls the directory it is in, plus all subdirectories. However, by placing additional .htaccess
files in the subdirectories, this can be overruled.
User permissions
The user permissions for .htaccess
are controlled on server level with the AllowOverride
directive which is documented in the Apache Server Documentation.
Other uses
Some web developers have modified .htaccess
to perform custom tasks server-side before serving content to the browser. Developer Shaun Inman shows it is possible to edit .htaccess
to allow for Server Side Constants within CSS.
See also
External links
Apache.org
- Documentation for mod_rewrite, frequently used in .htaccess files
- Apache configuration directives allowed in .htaccess context
- Apache Docs .htaccess Howto
- Authentication, Authorization and Access Control
Other
- Easy to understand tutorial
- Comprehensive guide to .htaccess
- Beginner's .htaccess tutorial and Custom Error Page Generator - Beginner's tutorial on .htaccess and custom error page generator in PHP
- .htaccess File Generator at cooletips.de
- Repository of .htaccess/mod_rewrite snippets, examples and tricks
- Restricting Website Access with Apache 2
- .htaccess Based Authentication On Subdirectories
- Ultimate htaccess article &mbash; by AskApache