HT: Difference between revisions - The Uniform Server Wiki

(8 intermediate revisions by 6 users not shown)

Line 1:

This article will help you understand and ~~build your knowledge~~ of the .htaccess file you see when you run an Apache Web Server like ours.

This article will help you understand some aspects and advantages of the .htaccess file you see when you run an Apache Web Server like ours.

==~~=Article~~ is ~~still under writing=~~==

==What is a .htaccess file?==

It is Apache's directory-level configuration file (as opposed to httpd.conf, which is the main server configuration file) that provides the governing rules of how the web server operates. When it is placed in a particular directory, the rules in it apply to that directory and all the subdirectories thereof.

~~==What~~ is a .htaccess ~~file?==~~

Here is a [http://www.javascriptkit.com/howto/htaccess.shtml good tutorial] on the use and configuration of the .htaccess file.

~~It is a HTTPd (Hypertext Transfer Protocol daemon) that provides~~ the ~~governing rules~~ of ~~how a web server should be ran/behave. It is~~ the ~~sub-conf script to the httpd~~.~~conf~~ file ~~in Apache~~.

==What is a .htpasswd file?==

The .htpasswd file is a file used to store usernames and passwords for protected areas of a website that ~~uses~~ the .htaccess Protection.

The .htpasswd file is a file used to store usernames and passwords for protected areas of a website that use the .htaccess Protection.

==Usage and Commands==

~~'''~~Change the Default Directory Index File~~''':~~ It can be used to ~~chnage~~ the default index file which is normally index.html, index.ext... to anything like foo.ext or whatever name/extension you prefer. To do this, use:

Here are some examples as to how they can be used.

===Change the Default Directory Index File===

It can be used to change the default index file, which is normally index.html, index.ext... to anything else, like foo.ext or whatever name/extension you prefer. To do this, use:

<pre>DirectoryIndex foo.ext home.html home.php foo.php</pre>

~~'''~~Customizing Error Handling/Error Pages~~''':~~ If you have ever wondered how people ~~chnage~~ their 404, 500... error pages to something like lost.ext, then you will like this code in your .htaccess file:

===Customizing Error Handling/Error Pages===

If you have ever wondered how people change their 404, 500... error pages to something like lost.ext, then you will like this code in your .htaccess file:

<pre>

Line 19:

Line 24:

</nowiki>

</pre>

Where [Error Number] is replaced with the error number, and [Error Document] is replaced with the path fo the error document which can be internal or external as in:

Where [Error Number] is replaced with the error number, and [Error Document] is replaced with the path to the error document, which can be internal or external, as in:

<pre>http://www.anothersite.com/foo.ext or /foo.ext ~~(where foo.ext is in the main directory of the server the file is on)~~</pre>

<pre>http://www.anothersite.com/foo.ext or /foo.ext</pre>

~~'''~~Server Generated URL Redirects~~''':~~ You moved or renamed a directory and you know people still have the old directory bookmarked so you want them to be redirected to the new directory, then you can use this code:

===Server-Generated URL Redirects===

You moved or renamed a directory and you know people still have the old directory bookmarked so you want them to be redirected to the new directory, then you can use this code:

<pre>Redirect [Trigger] [New Destination]

Redirect /old http://www.url.com/new

Redirect /old /new</pre>

~~'''~~Limiting Access by Hostname/IP Address~~''':~~ Use this section of this article if you are ~~intrested~~ in blocking access to a file/folder on your server:

===Limiting Access by Hostname/IP Address===

Use this section of this article if you are interested in blocking access to a file/folder on your server:

<pre>

Line 32:

Line 41:

allow from 1.2.3.4

</Files>

</pre> This example denies access to admin.cgi to everyone but the ~~owner~~ of the IP Address ~~mention~~ in ''1.2.3.4''. You can also use this for a folder, in that case you would replace admin.cgi with the name of the folder. If you are ~~intrested~~ in using the Hostname rather than the IP then use:

</pre> This example denies access to admin.cgi for everyone but the user of the IP Address referred in ''1.2.3.4''. You can also use this for a folder; in that case you would replace admin.cgi with the name of the folder. If you are interested in using the Hostname rather than the IP then use:

<pre>

Line 40:

Line 49:

</Files>

</pre>

You can also use it for your whole network to have access to it alone~~, example~~:

You can also use it for your whole network to have access to it alone. Example:

<pre>

# IP Number

Line 55:

Line 64:

</Files>

</pre>

Where ''192.168.123'' is your internal network IP and .networkdomain.com is your Hostname/Domain. You can also switch it to allow from ALL and deny from a list of IPs or Hostnames.Here is a ~~pratical~~ example for ~~advance~~ users:

Where ''192.168.123'' is your internal network IP and .networkdomain.com is your Hostname/Domain. You can also switch it to allow from ALL and deny from a list of IPs or Hostnames. Here is a practical example for advanced users:

<pre>

Line 61:

Line 70:

</files>

</pre>

~~'''~~Limiting Access by User~~''':~~ This part ~~lets you use a~~ .htaccess/.htpasswd user login system ~~that~~ uses cookies. It is ~~not fully safe~~ because the session does not expire until all open ~~broswers~~ are closed so ~~try~~ not to use it ~~much~~ on ~~your~~ site section that needs ~~foul~~ proof security. Here is the code:

===Limiting Access by User===

This part shows the .htaccess/.htpasswd user login system which uses cookies. It is only partly secure because the session does not expire until all open browsers are closed, so do not use it on a site section that needs fool-proof security. Here is the code:

<pre>

AuthType Basic

Line 68:

Line 79:

Require valid-user

</pre>

For this example you ~~places~~ a .htpasswd file in the path (/htpasswd/path/to/). In the .htpasswd file will be: <pre>[user]:[password]</pre> Normally you have to encrypt the password but if you are using ~~The~~ [[~~Uniform_Server~~|Uniform Server]], then you do not need to do that. You ca also use this example to protect another directory ~~from~~ just 1 .htaccess file:

For this example, you place a .htpasswd file in the path (/htpasswd/path/to/). In the .htpasswd file will be: <pre>[user]:[password]</pre> Normally you have to encrypt the password but if you are using [[The_Uniform_Server|The Uniform Server]], then you do not need to do that. You can also use this example to protect another directory by using just one .htaccess file:

<pre>

Line 77:

Line 88:

</Directory>

</pre>

If you ~~are intrested in doing thsi~~ for just specific files then use:

If you want to do this for just specific files, then use:

<pre>

Line 86:

Line 97:

</Files>

</pre>

The ''Require'' statement is used to list valid users or groups of users ~~so if~~ you just want 1 .htpasswd file, but want multiple protected areas, then you can use:

The ''Require'' statement is used to list valid users or groups of users. If you just want one .htpasswd file but want multiple protected areas, then you can use:

<pre>Require user username1 username2 username3...</pre>

Or if you want to use it in groups then you can use:

<pre>

AuthGroupFile /~~htgorups~~/path/to/.htgroups

AuthGroupFile /htgroups/path/to/.htgroups

Require group groupname1 groupname2 groupname3...

</pre>

Line 98:

Line 109:

Groupname2: username1 username4 username5 ....

</pre>

As you can see a username may be in as many ~~group~~ as you like while others may ~~just~~ be in 1.

As you can see, a username may be in as many groups as you like while others may be in only one.

[[Category: Apache Configuration]]

@@ Line 1: / Line 1: @@
-This article will help you understand and build your knowledge of the .htaccess file you see when you run an Apache Web Server like ours.
+This article will help you understand some aspects and advantages of the .htaccess file you see when you run an Apache Web Server like ours.
-===Article is still under writing===
+==What is a .htaccess file?==
+It is Apache's directory-level configuration file (as opposed to httpd.conf, which is the main server configuration file) that provides the governing rules of how the web server operates. When it is placed in a particular directory, the rules in it apply to that directory and all the subdirectories thereof.
-==What is a .htaccess file?==
+Here is a [http://www.javascriptkit.com/howto/htaccess.shtml good tutorial] on the use and configuration of the .htaccess file.
-It is a HTTPd (Hypertext Transfer Protocol daemon) that provides the governing rules of how a web server should be ran/behave. It is the sub-conf script to the httpd.conf file in Apache.
 ==What is a .htpasswd file?==
-The .htpasswd file is a file used to store usernames and passwords for protected areas of a website that uses the .htaccess Protection.
+The .htpasswd file is a file used to store usernames and passwords for protected areas of a website that use the .htaccess Protection.
 ==Usage and Commands==
-'''Change the Default Directory Index File''': It can be used to chnage the default index file which is normally index.html, index.ext... to anything like foo.ext or whatever name/extension you prefer. To do this, use:
+Here are some examples as to how they can be used.
+===Change the Default Directory Index File===
+It can be used to change the default index file, which is normally index.html, index.ext... to anything else, like foo.ext or whatever name/extension you prefer. To do this, use:
 <pre>DirectoryIndex foo.ext home.html home.php foo.php</pre>
-'''Customizing Error Handling/Error Pages''': If you have ever wondered how people chnage their 404, 500... error pages to something like lost.ext, then you will like this code in your .htaccess file:
+===Customizing Error Handling/Error Pages===
+If you have ever wondered how people change their 404, 500... error pages to something like lost.ext, then you will like this code in your .htaccess file:
 <pre>
 <nowiki>
@@ Line 19: / Line 24: @@
 </nowiki>
 </pre>
-Where [Error Number] is replaced with the error number, and [Error Document] is replaced with the path fo the error document which can be internal or external as in:
+Where [Error Number] is replaced with the error number, and [Error Document] is replaced with the path to the error document, which can be internal or external, as in:
-<pre>http://www.anothersite.com/foo.ext or /foo.ext (where foo.ext is in the main directory of the server the file is on)</pre>
+<pre>http://www.anothersite.com/foo.ext or /foo.ext</pre>
-'''Server Generated URL Redirects''': You moved or renamed a directory and you know people still have the old directory bookmarked so you want them to be redirected to the new directory, then you can use this code:
+===Server-Generated URL Redirects===
+You moved or renamed a directory and you know people still have the old directory bookmarked so you want them to be redirected to the new directory, then you can use this code:
 <pre>Redirect [Trigger] [New Destination]
 Redirect /old http://www.url.com/new
 Redirect /old /new</pre>
-'''Limiting Access by Hostname/IP Address''': Use this section of this article if you are intrested in blocking access to a file/folder on your server:
+===Limiting Access by Hostname/IP Address===
+Use this section of this article if you are interested in blocking access to a file/folder on your server:
 <pre>
 <Files admin.cgi>
@@ Line 32: / Line 41: @@
   allow from 1.2.3.4
 </Files>
-</pre> This example denies access to admin.cgi to everyone but the owner of the IP Address mention in ''1.2.3.4''. You can also use this for a folder, in that case you would replace admin.cgi with the name of the folder. If you are intrested in using the Hostname rather than the IP then use:
+</pre> This example denies access to admin.cgi for everyone but the user of the IP Address referred in ''1.2.3.4''. You can also use this for a folder; in that case you would replace admin.cgi with the name of the folder. If you are interested in using the Hostname rather than the IP then use:
 <pre>
 <Files admin.cgi>
@@ Line 40: / Line 49: @@
 </Files>
 </pre>
-You can also use it for your whole network to have access to it alone, example:
+You can also use it for your whole network to have access to it alone. Example:
 <pre>
 # IP Number
@@ Line 55: / Line 64: @@
 </Files>
 </pre>
-Where ''192.168.123'' is your internal network IP and .networkdomain.com is your Hostname/Domain. You can also switch it to allow from ALL and deny from a list of IPs or Hostnames.Here is a pratical example for advance users:
+Where ''192.168.123'' is your internal network IP and .networkdomain.com is your Hostname/Domain. You can also switch it to allow from ALL and deny from a list of IPs or Hostnames. Here is a practical example for advanced users:
 <pre>
 <Files [/path/filename]>
@@ Line 61: / Line 70: @@
 </files>
 </pre>
-'''Limiting Access by User''': This part lets you use a .htaccess/.htpasswd user login system that uses cookies. It is not fully safe because the session does not expire until all open broswers are closed so try not to use it much on your site section that needs foul proof security. Here is the code:
+===Limiting Access by User===
+This part shows the .htaccess/.htpasswd user login system which uses cookies. It is only partly secure because the session does not expire until all open browsers are closed, so do not use it on a site section that needs fool-proof security. Here is the code:
 <pre>
 AuthType Basic
@@ Line 68: / Line 79: @@
 Require valid-user
 </pre>
-For this example you places a .htpasswd file in the path (/htpasswd/path/to/). In the .htpasswd file will be: <pre>[user]:[password]</pre> Normally you have to encrypt the password but if you are using The [[Uniform_Server|Uniform Server]], then you do not need to do that. You ca also use this example to protect another directory from just 1 .htaccess file:
+For this example, you place a .htpasswd file in the path (/htpasswd/path/to/). In the .htpasswd file will be: <pre>[user]:[password]</pre> Normally you have to encrypt the password but if you are using [[The_Uniform_Server|The Uniform Server]], then you do not need to do that. You can also use this example to protect another directory by using just one .htaccess file:
 <pre>
 <Directory /path/to/>
@@ Line 77: / Line 88: @@
 </Directory>
 </pre>
-If you are intrested in doing thsi for just specific files then use:
+If you want to do this for just specific files, then use:
 <pre>
 <Files /path/to/file.ext>
@@ Line 86: / Line 97: @@
 </Files>
 </pre>
-The ''Require'' statement is used to list valid users or groups of users so if you just want 1 .htpasswd file, but want multiple protected areas, then you can use:
+The ''Require'' statement is used to list valid users or groups of users. If you just want one .htpasswd file but want multiple protected areas, then you can use:
 <pre>Require user username1 username2 username3...</pre>
 Or if you want to use it in groups then you can use:
 <pre>
-AuthGroupFile /htgorups/path/to/.htgroups
+AuthGroupFile /htgroups/path/to/.htgroups
 Require group groupname1 groupname2 groupname3...
 </pre>
@@ Line 98: / Line 109: @@
 Groupname2: username1 username4 username5 ....
 </pre>
-As you can see a username may be in as many group as you like while others may just be in 1.
+As you can see, a username may be in as many groups as you like while others may be in only one.
+[[Category: Apache Configuration]]