In this post you will find out about the .htaccess file and the power it has to improve your website. Although .htaccess is only a file, it can change settings on the servers and allow you to do many different things, the most popular being able to have your own custom 404 error pages. .htaccess isn’t difficult to use and is really just made up of a few simple instructions in a text file.
Some of the things that we can do with the .htaccess file are password protect a folder, create redirections, adjust php settings, control the caching of files, control how extensions are treated by the server (we can make an HTML file be run through the php module instead of just serve it), and in general alter how files are served to the visitors.
In general, you should never use .htaccess files unless you don’t have access to the main server configuration file. There are two main reasons to avoid the use of .htaccess files. The first of these is performance. When AllowOverride is set to allow the use of .htaccess files, Apache will look in every directory for .htaccess files. Thus, permitting .htaccess files causes a performance hit, whether or not you actually even use them! Also, the .htaccess file is loaded every time a document is requested. The second consideration is one of security. You are permitting users to modify server configuration, which may result in changes over which you have no control. Carefully consider whether you want to give your users this privilege.
Custom Error Pages
You can use custom error pages for any error as long as you know its number (like 404 for page not found) by adding the following to your .htaccess file:
ErrorDocument errornumber /file.html
For example if I had the file notfound.html in the root direct
ory of my site and I wanted to use it for a 404 error I would use:
ErrorDocument 404 /notfound.html
If the file is not in the root directory of your site, you just need to put the path to it:
ErrorDocument 500 /errorpages/500.html
These are some of the most common errors:
401 – Authorization Required
400 – Bad request
403 – Forbidden
500 – Internal Server Error
404 – Wrong page
Then, all you need to do is to create a file to display when the error happens and upload it and the .htaccess file.
Stop A Directory Index
By default, when we access a subfolder in a website that does not have an index file (whether it’s .html, .htm, .php), the server will show us an list of the content in the folder, the typical “Index of” followed by all of the files and subdirectories in the directory we are accessing. This setting is particularly dangerous, as it may expose the inner structure of our website and/or provide access to files and information that we would rather not show publicly but that for some reason we put in there.
In order to disable this setting, we can create an .htaccess file in the root folder of the website, and add to it the line:
Options -Indexes
Deny/Allow IP Addresses
You can block an IP address by using:
deny from 192.168.1.8
*If you only specify 1 or 2 of the groups of numbers, you will block a whole range.
You can allow an IP address by using:
allow from 192.168.1.8
*If you only specify 1 or 2 of the groups of numbers, you will allow a whole range.
If you want to deny everyone from accessing a directory, you can use:
deny from all
Alternative Index Files
You may not always want to use index.htm or index.html as your index file for a directory, for example if you are using PHP files in your site, you may want index.php to be the index file for a directory. You are not limited to ‘index’ files though. Using .htaccess you can set foofoo.blah to be your index file if you want to!
DirectoryIndex index.php index.php3 messagebrd.pl index.html index.htm
Redirection
One of the most useful functions of the .htaccess file is to redirect requests to different files, either on the same server, or on a completely different web site. It can be extremely useful if you change the name of one of your files but allow users to still find it. The following can be done to redirect a specific file:
Redirect /location/from/root/file.ext http://www.othersite.com/new/file/location.xyz
You can also redirect whole directoires of your site using the .htaccess file, for example if you had a directory called olddirectory on your site and you had set up the same files on a new site at: http://www.newsite.com/newdirectory/ you could redirect all the files in that directory without having to specify each one:
Redirect /olddirectory http://www.newsite.com/newdirectory
The status 301 indicates the browser that the file has been permanently moved to a different location. You can redirect using:
Redirect 301 /path/from/htaccess/file.html http://www.domain.com/path/file.html
The status 307 indicates the browser that the file has been moved temporally to a different location. You can redirect using:
Redirect 307 /path/from/htaccess/file.html http://www.domain.com/path/file.html
The status 410 indicates the browser that the file has been moved permanently to a different location. You can redirect using:
Redirect 410 /path/from/htaccess/file.html
Password protecting
Start by creating a file called .htpasswd, and change the permissions to 600 (only the owner can read it and write it) so it can’t be accessed from outsiders.
Once you have created your .htpasswd file, you must enter the usernames and passwords to access the site. They should be entered as follows:
username:password
We need to add the following lines to our .htaccess file located in the folder that we want to protect:
AuthName “Please authenticate in order to access the contents of this folder”
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user
When you try to access a site which has been protected by .htaccess your browser will pop up a standard username/password dialog box. If you don’t like this, there are certain scripts available which allow you to embed a username/password box in a website to do the authentication. You can also send the username and password (unencrypted) in the URL as follows:
http://username:password@www.website.com/directory/
Treating HTML files as PHP files
To treat files with an html extension (or any other extension) as PHP files, i.e. to make the server parse the html files through the PHP module instead of just serving them directly to the browser, we need to add the following lines to our .htaccess file:
AddType application/x-httpd-php .htm
AddType application/x-httpd-php .html
PHP settings
If we don’t have access to the php.ini file, some hosting providers allows to change some of it’s default settings by modifying the .htaccess file. To change a PHP default setting in our .htaccess file, the option AllowOverride Options (or AllowOverride all) must be on in the server. If it is on, we just need to add the following line to our .htaccess file:
php_value memory_limit 16M
(This is, php_value, followed by the setting name, followed by the new value.)
Compressing the files
To enable the compression of files, in case the server is not configured to do this by default, we need to add to our .htaccess file the line:
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript application/x-javascript application/rss+xml application/atom_xml text/javascript
Good Luck~
Copyright © 2012
This feed is for personal, non-commercial use only.
The use of this feed on other websites breaches copyright. If this content is not in your news reader, it makes the page you are viewing an infringement of the copyright. (Digital Fingerprint:
)
Clik here to view.
jonboy60
I’m a Malaysian, my name is Jon Loh (jonboy60) living in Kuala Lumpur and working in Petaling Jaya, Malaysia. Jonboy60.com is a blog magazine about Linux and other open source softwares. All about to a daily jobs or real life experiences I had since the year 2002 administrating Linux and Windows server in a hosting company. Basically i will be offering Linux tips, howto, tricks, latest news and tutorial. Contact Me for Career opportunities, business offers, Linux solutions for business or home, web and email server solutions, Linux consulting and expertise requests. Email to me on jonboy60{@}gmail.com. The site I’m running is VenCouture.com – Malaysia Online Fashion Shopping Boutique, VenCouture. We sell fashion clothes, sexy lingeries, baby clothing and etc.
Follow Me:
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.