O
ovi
Guest
Access Configuration or .htaccess files can be used to change various directives for a directory and any directories beneath it.
Each Apache server has a global access configuration file which can set the defaults for all directories. It can also limit or completely forbid .htaccess files. If you administer your own server, great. Otherwise, you may need to check with the admin to see if any limitations are in place. We're not going to deal with this type of configuration, just with .htaccess.
The .htaccess file itself is a text file, which you place in the directory you want it to affect. So, if you want it in force for your whole site, put it in your main web directory. It will affect all directories beneath it as well. You can place another .htaccess file in a specific directory and any directives you specify there will over-ride the ones higher up in the directory tree.
MIME Types
You can map MIME Types to extensions, adding to or overriding the default:
AddType image/gif fred
AddType text/html fish
So, any file with the extension .fred will be parsed as a gif.
NOTE: This won't work for all browsers. And IE5 will usually display the image as a gif regardless of the extension, since it tries be helpful.
On Apache 1.3.13 and later, you can also use RemoveType to undo associations made in .htaccess files higher up. (I can't demonstrate this as I'm on a server that uses an earlier version.)
RemoveType blue
You can do other, more complex mods as well. More on MIME Type Modifications:
http://www.apache.org/docs/mod/mod_mime.html
You can also set the DefaultType. Normally, you wouldn't want to do this. But if you had a whole directory of images, for example, and didn't want to name them .gif, you could say:
DefaultType image/gif
The usual default is text/html and does not need to be specified.
Redirection
If you're rearranging your site or if someone published an incorrect URL, you can use .htaccess to painlessly redirect the user to the correct page. (This might not work in every single browser.) The syntax is:
redirect accessed-file URL-to-go-to
redirect /weav/htaccess/redirect.html http://www.yourdomain.com/weav/
Error Handling
You spend a lot of time giving your web sites a consistent look and feel. Everything is all wonderful, beautiful, branded, and sleek. But then somebody clicks on a broken link (on someone else's site -- I know your links always work) and they get the dreaded File Not Found page. And it's ugly and says nothing about your site or your company. So they go away.
But all is not lost -- you can use an .htaccess file to give your error docs the same look and feel as the rest of your site.
You can specify a URL instead of a path:
ErrorDocument 404 http://www.yahoo.com
You can use more than one response for an error, to send a message to the user and also to try to analyse the problem, for example:
ErrorDocument 500 "Sorry, but the server is not feeling well
ErrorDocument 500 /cgi-bin/crash-recover
This would display the message to the user and also run the script.
Restricting Access
Sometimes you might want to restrict access to all or part of your site. Maybe you have one area devoted to administration or maybe the site is only intended for a certain group of people. Or maybe you're trying to block a specific group of people.
You can allow or deny access based on domain/IP. To deny anyone from a certain domain, use:
deny from .aol.com
You could also use an IP or range of IPs:
deny from 24.64.
This would deny anyone whose IP started with 24.64.
Often, you'll want to deny everyone and then allow certain people.
order deny,allow
deny from all
allow from 24.64.103.25
allow from .islandnet.com
The first line indicates in which order the directives should be processed. You'll most likely want to use domain names rather than IPs unless you're in a situation where the IPs are static.
You can also use a sectioning directive called Limit to specify which connection methods this applies to.
<Limit GET get POST post>
order deny,allow
deny from all
allow from 24.64.103.25
allow from .islandnet.com
</Limit>
Here, the limits only apply to pages and scripts called through GET and POST. Normally, a browser will issue a GET in the header. These are listed twice because they are case-sensitive and some browsers do it one way, some another. You could, if you liked, simply restrict POST so that all users could view pages but only certain ones could use forms.
You can also use usernames and passwords to restrict access. Here's the syntax:
authtype Basic
authname WEAV
authuserfile /home/k/kfriesen/pass
require valid-user
authtype is the type of password authentication. Basic is the standard one. Your server might support another type, like Kerberos, but it's not that usual.
authname is the name of the realm for which the username and password are valid. The name is presented on the login form. As well, it's saved for the current session. You could use this to allow access to two separate but not nested directories without having to prompt the user a second time for the information.
authuserfile is where the password file resides. (More on creating the password file below.) Note that this should NOT be in your www directory. If you don't know the pathname to your files, you can ask your admin or derive it from PHP's global variable $DOCUMENT_ROOT.
require valid-user will allow any authenticated user in. But if you want to use the same password file for many directories, you can specify users or groups here:
require user karen rod fred
To use group files, you need two extra lines:
authgroupfile /home/k/kfriesen/mygroups
require group weav
The group file is a text file containing one or more lines. Each line contains the name of a group and the users:
weav: karen rod fred
So, instead of having to specify the three users, we can specify the group weav.
Creating the Password File
If you have shell access to your server and htpasswd is installed (you might need to check with your admin about this), you can create the file by telneting to the server and then typing:
htpasswd -c myusers karen
Adding password for karen.
New password: happydogs
Re-type new password: happydogs
myusers is the name of the password file. To add users once the file is created, simply omit -c.
htpasswd myusers rod
If you don't have access to htpasswd, then you can use PHP's crypt() function to create the passwords for the file. The passwords are encrypted using standard DES encryption. The first two characters of the hash will be the salt. The password file should look like this:
ralph:WaOaPORZmVKxI
rod:W5Jpa/rAskTf6
karen:Tnt1Yjs6Stsec
IMPORTANT NOTE: Even when you're using hashed passwords, the information is not encrypted until it reaches the server. So, use a secure connection if possible. (You might be able to write a javascript that would encrypt the info client side as well.
If you are using both require and allow to restrict access, you need one more line:
satisfy any
OR
satisfy all
If any, satisfying either allow or require is enough. If all, both are required.
I hope that you will find this information utile for you, I have find utile when once I need htaccess and our coder was not available. It's a greate tool.
Ovi
Each Apache server has a global access configuration file which can set the defaults for all directories. It can also limit or completely forbid .htaccess files. If you administer your own server, great. Otherwise, you may need to check with the admin to see if any limitations are in place. We're not going to deal with this type of configuration, just with .htaccess.
The .htaccess file itself is a text file, which you place in the directory you want it to affect. So, if you want it in force for your whole site, put it in your main web directory. It will affect all directories beneath it as well. You can place another .htaccess file in a specific directory and any directives you specify there will over-ride the ones higher up in the directory tree.
MIME Types
You can map MIME Types to extensions, adding to or overriding the default:
AddType image/gif fred
AddType text/html fish
So, any file with the extension .fred will be parsed as a gif.
NOTE: This won't work for all browsers. And IE5 will usually display the image as a gif regardless of the extension, since it tries be helpful.
On Apache 1.3.13 and later, you can also use RemoveType to undo associations made in .htaccess files higher up. (I can't demonstrate this as I'm on a server that uses an earlier version.)
RemoveType blue
You can do other, more complex mods as well. More on MIME Type Modifications:
http://www.apache.org/docs/mod/mod_mime.html
You can also set the DefaultType. Normally, you wouldn't want to do this. But if you had a whole directory of images, for example, and didn't want to name them .gif, you could say:
DefaultType image/gif
The usual default is text/html and does not need to be specified.
Redirection
If you're rearranging your site or if someone published an incorrect URL, you can use .htaccess to painlessly redirect the user to the correct page. (This might not work in every single browser.) The syntax is:
redirect accessed-file URL-to-go-to
redirect /weav/htaccess/redirect.html http://www.yourdomain.com/weav/
Error Handling
You spend a lot of time giving your web sites a consistent look and feel. Everything is all wonderful, beautiful, branded, and sleek. But then somebody clicks on a broken link (on someone else's site -- I know your links always work) and they get the dreaded File Not Found page. And it's ugly and says nothing about your site or your company. So they go away.
But all is not lost -- you can use an .htaccess file to give your error docs the same look and feel as the rest of your site.
You can specify a URL instead of a path:
ErrorDocument 404 http://www.yahoo.com
You can use more than one response for an error, to send a message to the user and also to try to analyse the problem, for example:
ErrorDocument 500 "Sorry, but the server is not feeling well
ErrorDocument 500 /cgi-bin/crash-recover
This would display the message to the user and also run the script.
Restricting Access
Sometimes you might want to restrict access to all or part of your site. Maybe you have one area devoted to administration or maybe the site is only intended for a certain group of people. Or maybe you're trying to block a specific group of people.
You can allow or deny access based on domain/IP. To deny anyone from a certain domain, use:
deny from .aol.com
You could also use an IP or range of IPs:
deny from 24.64.
This would deny anyone whose IP started with 24.64.
Often, you'll want to deny everyone and then allow certain people.
order deny,allow
deny from all
allow from 24.64.103.25
allow from .islandnet.com
The first line indicates in which order the directives should be processed. You'll most likely want to use domain names rather than IPs unless you're in a situation where the IPs are static.
You can also use a sectioning directive called Limit to specify which connection methods this applies to.
<Limit GET get POST post>
order deny,allow
deny from all
allow from 24.64.103.25
allow from .islandnet.com
</Limit>
Here, the limits only apply to pages and scripts called through GET and POST. Normally, a browser will issue a GET in the header. These are listed twice because they are case-sensitive and some browsers do it one way, some another. You could, if you liked, simply restrict POST so that all users could view pages but only certain ones could use forms.
You can also use usernames and passwords to restrict access. Here's the syntax:
authtype Basic
authname WEAV
authuserfile /home/k/kfriesen/pass
require valid-user
authtype is the type of password authentication. Basic is the standard one. Your server might support another type, like Kerberos, but it's not that usual.
authname is the name of the realm for which the username and password are valid. The name is presented on the login form. As well, it's saved for the current session. You could use this to allow access to two separate but not nested directories without having to prompt the user a second time for the information.
authuserfile is where the password file resides. (More on creating the password file below.) Note that this should NOT be in your www directory. If you don't know the pathname to your files, you can ask your admin or derive it from PHP's global variable $DOCUMENT_ROOT.
require valid-user will allow any authenticated user in. But if you want to use the same password file for many directories, you can specify users or groups here:
require user karen rod fred
To use group files, you need two extra lines:
authgroupfile /home/k/kfriesen/mygroups
require group weav
The group file is a text file containing one or more lines. Each line contains the name of a group and the users:
weav: karen rod fred
So, instead of having to specify the three users, we can specify the group weav.
Creating the Password File
If you have shell access to your server and htpasswd is installed (you might need to check with your admin about this), you can create the file by telneting to the server and then typing:
htpasswd -c myusers karen
Adding password for karen.
New password: happydogs
Re-type new password: happydogs
myusers is the name of the password file. To add users once the file is created, simply omit -c.
htpasswd myusers rod
If you don't have access to htpasswd, then you can use PHP's crypt() function to create the passwords for the file. The passwords are encrypted using standard DES encryption. The first two characters of the hash will be the salt. The password file should look like this:
ralph:WaOaPORZmVKxI
rod:W5Jpa/rAskTf6
karen:Tnt1Yjs6Stsec
IMPORTANT NOTE: Even when you're using hashed passwords, the information is not encrypted until it reaches the server. So, use a secure connection if possible. (You might be able to write a javascript that would encrypt the info client side as well.
If you are using both require and allow to restrict access, you need one more line:
satisfy any
OR
satisfy all
If any, satisfying either allow or require is enough. If all, both are required.
I hope that you will find this information utile for you, I have find utile when once I need htaccess and our coder was not available. It's a greate tool.
Ovi
