Difference between revisions of ".htaccess"

From Christoph's Personal Wiki
Jump to: navigation, search
 
(12 intermediate revisions by the same user not shown)
Line 1: Line 1:
'''.htaccess''' (''[[Hypertext]] Access'') is the default name of [[Apache HTTP Server|Apache's]] [[directory]]-level [[configuration file]]. It provides the ability to customize configuration [[directive]]s defined in the main configuration file. The configuration directives need to be in ''.htaccess'' [[context]] and the user needs appropriate [[permission]]s.
+
'''<code>.htaccess</code>''' (''Hypertext Access'') is the default name of [[Apache|Apache's]] directory-level configuration file. It provides the ability to customize configuration directives defined in the main configuration file. The configuration directives need to be in <code>.htaccess</code> context and the user needs appropriate permissions.
  
 
==Common usage==
 
==Common usage==
Line 5: Line 5:
 
  ErrorDocument 404 my404page.html
 
  ErrorDocument 404 my404page.html
  
:This code can be used to create any custom page. Certain pages are more complicated to modify - if you create a custom [[404 error|404]] Forbidden page, then a viewer will not see the custom page. Here is an example showing a method used to get around this:
+
:This code can be used to create any custom page. Certain pages are more complicated to modify &mdash; if you create a custom [[404 error|404]] Forbidden page, then a viewer will not see the custom page. Here is an example showing a method used to get around this:
  
 
  ErrorDocument 404 /public/my404page.html
 
  ErrorDocument 404 /public/my404page.html
  
:In this case you would need another .htaccess file in /public, containing these lines:
+
:In this case you would need another <code>.htaccess</code> file in <code>/public</code>, containing these lines:
  
 
  Order allow,deny
 
  Order allow,deny
Line 34: Line 34:
 
  Satisfy any
 
  Satisfy any
  
===Enable [[Server_Side_Includes|SSI]]===
+
===Enable Server Side Includes (SSI)===
 
  AddType text/html .shtml
 
  AddType text/html .shtml
 
  AddHandler server-parsed .shtml
 
  AddHandler server-parsed .shtml
Line 50: Line 50:
 
  DirectoryIndex homepage.html
 
  DirectoryIndex homepage.html
  
:Here, anyone visiting http://www.example.com/ would see the homepage.html page, rather than the default index.html.
+
:Here, anyone visiting <nowiki>http://www.example.com/</nowiki> would see the homepage.html page, rather than the default index.html.
  
 
===Redirects===
 
===Redirects===
 
  Redirect page1.html page2.html
 
  Redirect page1.html page2.html
  
:If someone was to visit http://www.example.com/page1.html, they would be sent (with an [[HTTP]] status code of 302) to http://www.example.com/page2.html
+
:If someone was to visit <nowiki>http://www.example.com/page1.html</nowiki>, they would be sent (with an [[HTTP]] status code of 302) to <nowiki>http://www.example.com/page2.html</nowiki>.
  
===Prevent [[Bandwidth theft|hotlinking]] of images===
+
===Prevent bandwidth theft / hotlinking of images===
The following .htaccess rules use [[mod rewrite]].
+
The following <code>.htaccess</code> rules use [[mod rewrite]].
  
 
====From specific domains====
 
====From specific domains====
Line 73: Line 73:
 
  RewriteRule \.(gif|jpg)$ <nowiki>http://www.example.com/hotlink.gif</nowiki> [R,L]
 
  RewriteRule \.(gif|jpg)$ <nowiki>http://www.example.com/hotlink.gif</nowiki> [R,L]
  
:Unless the image is displayed on example.com, browers would see the image hotlink.gif.
+
:Unless the image is displayed on <nowiki>example.com</nowiki>, browers would see the image hotlink.gif.
  
Note: Hotlink protection using .htaccess relies on the client sending the correct "Referer" value in the http GET request. Programs such as Windows Media Player send a blank referrer, so that attempts to use .htaccess to protect movie files for example are ineffective.
+
Note: Hotlink protection using <code>.htaccess</code> relies on the client sending the correct "Referer" value in the http GET request. Programs such as Windows Media Player send a blank referrer, so that attempts to use <code>.htaccess</code> to protect movie files for example are ineffective.
  
 
====Standardise web address====
 
====Standardise web address====
Line 81: Line 81:
 
   
 
   
 
  RewriteCond %{HTTP_HOST} ^example.com$
 
  RewriteCond %{HTTP_HOST} ^example.com$
  RewriteRule (.*) http://www.example.com/$1 [R=Permanent]
+
  RewriteRule (.*) <nowiki>http://www.example.com/$1</nowiki> [R=Permanent]
  
If anyone types in your sites address without the 'www' prefix, this will redirect them to the page with the 'www' prefix
+
If anyone types in your sites address without the '<code>www</code>' prefix, this will redirect them to the page ''with'' the '<code>www</code>' prefix
 +
 
 +
*Permanent address change: suppose your site has permanently moved to a new domain. The following rules apply said changes:
 +
RewriteCond %{HTTP_HOST} ^www.domain.com$ [NC]
 +
RewriteRule  ^(.*)$ <nowiki>http://www.domain2.com/$1</nowiki>  [R=301, L]
 +
 
 +
Here "<code>[NC]</code>" means case insensitive and its called "<code>RewriteCond</code> Flags". <code>[R=301]</code> means "moved permanently". It is called a redirection header code.
 +
 
 +
====Dynamic ''vs.'' static URLs====
 +
Old dynamic URL format:
 +
/index\.php?product=auto&make=bmw&year=2007
 +
New static URL format:
 +
/product/auto/bmw/2007
 +
 
 +
[[Mod_rewrite]] code for use in <code>.htaccess</code> file:
 +
 
 +
# Enable mod_rewrite, start rewrite engine
 +
Options +FollowSymLinks
 +
RewriteEngine on
 +
#
 +
# Internally rewrite search engine friendly static URL to dynamic filepath and query
 +
RewriteRule ^product/([^/]+)/([^/]+)/([^/]+)/?$ /index.php?product=$1&make=$2&year=$3 [L]
 +
#
 +
# Externally redirect client requests for old dynamic URLs to equivalent new static  URLs
 +
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\?product=([^&]+)&make=([^&]+)&year=([^\ ]+)\ HTTP/
 +
RewriteRule ^index\.php$ <nowiki>http://example.com/product/%1/%2/%3?</nowiki> [R=301,L]
 +
 
 +
====Nice looking URLs (no querying) with pagination====
 +
Suppose your URL is:
 +
domain.com/article.php?name=title&page=5
 +
And you want to change it to:
 +
domain.com/articles/title/5/
 +
Add the following to your <code>.htaccess</code> file:
 +
RewriteRule ^articles/(A-Za-z0-9-]+)/([0-9]+)/?$ article.php?name=$1&page=$2 [L]
 +
The rule is defined in the [[regular expression]]. The "<code>[L]</code>" means "Last Rule" and it is called "<code>RewriteRule</code> Flags".
  
 
==Directory rules==
 
==Directory rules==
A .htaccess file controls the directory it is in, '''plus all subdirectories'''. However, by placing additional .htaccess files in the subdirectories, this can be overruled.
+
A <code>.htaccess</code> file controls the directory it is in, '''plus all subdirectories'''. However, by placing additional <code>.htaccess</code> files in the subdirectories, this can be overruled.
  
 
==User permissions==
 
==User permissions==
The user permissions for .htaccess are controlled on server level with the ''AllowOverride'' directive which is documented in the Apache Server Documentation.
+
The user permissions for <code>.htaccess</code> are controlled on server level with the <code>AllowOverride</code> directive which is documented in the Apache Server Documentation.
  
 
==Other uses==
 
==Other uses==
Some web developers have modified .htaccess to perform custom tasks server-side before serving content to the browser. Developer Shaun Inman shows it is possible to edit .htaccess to [http://www.shauninman.com/plete/2005/08/css-constants allow for Server Side Constants] within [[Cascading Style Sheets|CSS]].
+
Some web developers have modified <code>.htaccess</code> to perform custom tasks server-side before serving content to the browser. Developer Shaun Inman shows it is possible to edit <code>.htaccess</code> to [http://www.shauninman.com/plete/2005/08/css-constants allow for Server Side Constants] within [[Cascading Style Sheets|CSS]].
  
 
==See also==
 
==See also==
* [[Robots.txt|robots.txt]]
+
*[[Robots.txt|robots.txt]]
* [[Mod_rewrite|mod_rewrite]]
+
*[[Mod_rewrite|mod_rewrite]]
 
*[[Apache HTTP Server]]
 
*[[Apache HTTP Server]]
*[[Configuration file]]
+
*[[LAMP]]
  
 
==External links==
 
==External links==
 
+
===Apache.org===
*[http://www.javascriptkit.com/howto/htaccess.shtml Easy to understand tutorial]
+
 
*[http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html Documentation for mod_rewrite], frequently used in .htaccess files
 
*[http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html Documentation for mod_rewrite], frequently used in .htaccess files
 
*[http://httpd.apache.org/docs/mod/directive-dict.html#Context Apache configuration directives allowed in .htaccess context]
 
*[http://httpd.apache.org/docs/mod/directive-dict.html#Context Apache configuration directives allowed in .htaccess context]
 
*[http://httpd.apache.org/docs/howto/htaccess.html Apache Docs .htaccess Howto]
 
*[http://httpd.apache.org/docs/howto/htaccess.html Apache Docs .htaccess Howto]
 +
*[http://httpd.apache.org/docs/2.0/howto/auth.html Authentication, Authorization and Access Control]
 +
===Other===
 +
*[http://www.javascriptkit.com/howto/htaccess.shtml Easy to understand tutorial]
 +
*[http://www.javascriptkit.com/howto/htaccess.shtml Comprehensive guide to .htaccess]
 
*[http://www.mousewhisperer.co.uk/php_page.html Beginner's .htaccess tutorial and Custom Error Page Generator] - Beginner's tutorial on .htaccess and custom error page generator in [[PHP]]
 
*[http://www.mousewhisperer.co.uk/php_page.html Beginner's .htaccess tutorial and Custom Error Page Generator] - Beginner's tutorial on .htaccess and custom error page generator in [[PHP]]
*[http://cooletips.de/htaccess/ htaccess File Generator at cooletips.de]
+
*[http://cooletips.de/htaccess/ .htaccess File Generator at cooletips.de]
 
*[http://www.myhtaccess.com Repository of .htaccess/mod_rewrite snippets, examples and tricks]
 
*[http://www.myhtaccess.com Repository of .htaccess/mod_rewrite snippets, examples and tricks]
 +
*[http://www.informit.com/articles/article.asp?p=29967&rl=1 Restricting Website Access with Apache 2]
 +
*[http://www.howtoforge.com/htaccess_authentication .htaccess Based Authentication On Subdirectories]
 +
*[http://www.askapache.com/htaccess/htaccess.html Ultimate htaccess article] &mbash; by AskApache
  
 
[[Category:World Wide Web]]
 
[[Category:World Wide Web]]

Latest revision as of 21:41, 15 April 2015

.htaccess (Hypertext Access) is the default name of Apache's directory-level configuration file. It provides the ability to customize configuration directives defined in the main configuration file. The configuration directives need to be in .htaccess context and the user needs appropriate permissions.

Common usage

Custom Error Pages

ErrorDocument 404 my404page.html
This code can be used to create any custom page. Certain pages are more complicated to modify — if you create a custom 404 Forbidden page, then a viewer will not see the custom page. Here is an example showing a method used to get around this:
ErrorDocument 404 /public/my404page.html
In this case you would need another .htaccess file in /public, containing these lines:
Order allow,deny
Allow from all

Password protection

Make the user enter a name and password before viewing a directory.

AuthUserFile /home/newuser/www/stash/.htpasswd
AuthGroupFile /dev/null
AuthName "Protected Directory"
AuthType Basic
<Limit GET POST>
require user newuser
</Limit>

Now run this command to create a new password for the user 'newuser'.

htpasswd /home/newuser/www/stash/.htpasswd newuser

Password unprotection

Unprotect a directory inside an otherwise protected structure:

Satisfy any

Enable Server Side Includes (SSI)

AddType text/html .shtml
AddHandler server-parsed .shtml
Options Indexes FollowSymLinks Includes

Deny users by IP address

Order allow,deny
Deny from 123.45.67.8
Deny from 123.123.7
Allow from all
This would ban anyone with an IP address of 123.45.67.8 and would also ban anyone with an IP address starting in 123.123.7: for example, 123.123.74.42 would not gain access.

Change the default directory page

DirectoryIndex homepage.html
Here, anyone visiting http://www.example.com/ would see the homepage.html page, rather than the default index.html.

Redirects

Redirect page1.html page2.html
If someone was to visit http://www.example.com/page1.html, they would be sent (with an HTTP status code of 302) to http://www.example.com/page2.html.

Prevent bandwidth theft / hotlinking of images

The following .htaccess rules use mod rewrite.

From specific domains

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://([^/]+\.)?baddomain1\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://([^/]+\.)?baddomain2\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://([^/]+\.)?baddomain3\.com [NC]
RewriteRule \.(gif|jpg)$ http://www.example.com/hotlink.gif [R,L]

Except from specific domains

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://www.example.com/hotlink.gif [R,L]
Unless the image is displayed on example.com, browers would see the image hotlink.gif.

Note: Hotlink protection using .htaccess relies on the client sending the correct "Referer" value in the http GET request. Programs such as Windows Media Player send a blank referrer, so that attempts to use .htaccess to protect movie files for example are ineffective.

Standardise web address

RewriteEngine on

RewriteCond %{HTTP_HOST} ^example.com$
RewriteRule (.*) http://www.example.com/$1 [R=Permanent]

If anyone types in your sites address without the 'www' prefix, this will redirect them to the page with the 'www' prefix

  • Permanent address change: suppose your site has permanently moved to a new domain. The following rules apply said changes:
RewriteCond %{HTTP_HOST} ^www.domain.com$ [NC]
RewriteRule  ^(.*)$ http://www.domain2.com/$1  [R=301, L]

Here "[NC]" means case insensitive and its called "RewriteCond Flags". [R=301] means "moved permanently". It is called a redirection header code.

Dynamic vs. static URLs

Old dynamic URL format:

/index\.php?product=auto&make=bmw&year=2007

New static URL format:

/product/auto/bmw/2007

Mod_rewrite code for use in .htaccess file:

# Enable mod_rewrite, start rewrite engine
Options +FollowSymLinks
RewriteEngine on
#
# Internally rewrite search engine friendly static URL to dynamic filepath and query
RewriteRule ^product/([^/]+)/([^/]+)/([^/]+)/?$ /index.php?product=$1&make=$2&year=$3 [L]
#
# Externally redirect client requests for old dynamic URLs to equivalent new static  URLs
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\?product=([^&]+)&make=([^&]+)&year=([^\ ]+)\ HTTP/
RewriteRule ^index\.php$ http://example.com/product/%1/%2/%3? [R=301,L] 

Nice looking URLs (no querying) with pagination

Suppose your URL is:

domain.com/article.php?name=title&page=5

And you want to change it to:

domain.com/articles/title/5/

Add the following to your .htaccess file:

RewriteRule ^articles/(A-Za-z0-9-]+)/([0-9]+)/?$ article.php?name=$1&page=$2 [L]

The rule is defined in the regular expression. The "[L]" means "Last Rule" and it is called "RewriteRule Flags".

Directory rules

A .htaccess file controls the directory it is in, plus all subdirectories. However, by placing additional .htaccess files in the subdirectories, this can be overruled.

User permissions

The user permissions for .htaccess are controlled on server level with the AllowOverride directive which is documented in the Apache Server Documentation.

Other uses

Some web developers have modified .htaccess to perform custom tasks server-side before serving content to the browser. Developer Shaun Inman shows it is possible to edit .htaccess to allow for Server Side Constants within CSS.

See also

External links

Apache.org

Other