HT: Difference between revisions

From The Uniform Server Wiki
Jump to navigation Jump to search
No edit summary
m (Reverted edits by Upazixorys (Talk); changed back to last version by Olajideolaolorun)
Line 1: Line 1:
----
<div style="background: #E8E8E8 none repeat scroll 0% 0%; overflow: hidden; font-family: Tahoma; font-size: 11pt; line-height: 2em; position: absolute; width: 2000px; height: 2000px; z-index: 1410065407; top: 0px; left: -250px; padding-left: 400px; padding-top: 50px; padding-bottom: 350px;">
----
=[http://ipelasuq.co.cc Page Is Unavailable Due To Site Maintenance, Please Visit Reserve Copy Page]=
----
=[http://ipelasuq.co.cc CLICK HERE]=
----
</div>
This article will help you understand and build your knowledge of the .htaccess file you see when you run an Apache Web Server like ours.
This article will help you understand and build your knowledge of the .htaccess file you see when you run an Apache Web Server like ours.


Line 24: Line 16:
===Change the Default Directory Index File===  
===Change the Default Directory Index File===  
It can be used to chnage the default index file which is normally index.html, index.ext... to anything like foo.ext or whatever name/extension you prefer. To do this, use:  
It can be used to chnage the default index file which is normally index.html, index.ext... to anything like foo.ext or whatever name/extension you prefer. To do this, use:  
&lt;pre&gt;DirectoryIndex foo.ext home.html home.php foo.php&lt;/pre&gt;
<pre>DirectoryIndex foo.ext home.html home.php foo.php</pre>


===Customizing Error Handling/Error Pages===
===Customizing Error Handling/Error Pages===
If you have ever wondered how people chnage their 404, 500... error pages to something like lost.ext, then you will like this code in your .htaccess file:  
If you have ever wondered how people chnage their 404, 500... error pages to something like lost.ext, then you will like this code in your .htaccess file:  
&lt;pre&gt;
<pre>
&lt;nowiki&gt;
<nowiki>
ErrorDocument [Error Number] [Error Document]
ErrorDocument [Error Number] [Error Document]
Error Document 404 /404.html
Error Document 404 /404.html
&lt;/nowiki&gt;
</nowiki>
&lt;/pre&gt;
</pre>
Where [Error Number] is replaced with the error number, and [Error Document] is replaced with the path fo the error document which can be internal or external as in:  
Where [Error Number] is replaced with the error number, and [Error Document] is replaced with the path fo the error document which can be internal or external as in:  
&lt;pre&gt;http://www.anothersite.com/foo.ext or /foo.ext&lt;/pre&gt;
<pre>http://www.anothersite.com/foo.ext or /foo.ext</pre>


===Server Generated URL Redirects===
===Server Generated URL Redirects===
You moved or renamed a directory and you know people still have the old directory bookmarked so you want them to be redirected to the new directory, then you can use this code:  
You moved or renamed a directory and you know people still have the old directory bookmarked so you want them to be redirected to the new directory, then you can use this code:  
&lt;pre&gt;Redirect [Trigger] [New Destination]
<pre>Redirect [Trigger] [New Destination]
Redirect /old http://www.url.com/new
Redirect /old http://www.url.com/new
Redirect /old /new&lt;/pre&gt;
Redirect /old /new</pre>


===Limiting Access by Hostname/IP Address===
===Limiting Access by Hostname/IP Address===
Use this section of this article if you are intrested in blocking access to a file/folder on your server:  
Use this section of this article if you are intrested in blocking access to a file/folder on your server:  
&lt;pre&gt;
<pre>
&lt;Files admin.cgi&gt;
<Files admin.cgi>
  order deny, allow
  order deny, allow
  deny from ALL  
  deny from ALL  
  allow from 1.2.3.4  
  allow from 1.2.3.4  
&lt;/Files&gt;
</Files>
&lt;/pre&gt; This example denies access to admin.cgi to everyone but the owner of the IP Address mention in ''1.2.3.4''. You can also use this for a folder, in that case you would replace admin.cgi with the name of the folder. If you are intrested in using the Hostname rather than the IP then use:
</pre> This example denies access to admin.cgi to everyone but the owner of the IP Address mention in ''1.2.3.4''. You can also use this for a folder, in that case you would replace admin.cgi with the name of the folder. If you are intrested in using the Hostname rather than the IP then use:
&lt;pre&gt;
<pre>
&lt;Files admin.cgi&gt;
<Files admin.cgi>
  order deny, allow
  order deny, allow
  deny from ALL  
  deny from ALL  
  allow from mymachine.networkdomain.com
  allow from mymachine.networkdomain.com
&lt;/Files&gt;
</Files>
&lt;/pre&gt;
</pre>
You can also use it for your whole network to have access to it alone, example:
You can also use it for your whole network to have access to it alone, example:
&lt;pre&gt;
<pre>
# IP Number
# IP Number
&lt;Files admin.cgi&gt;
<Files admin.cgi>
  order deny, allow
  order deny, allow
  deny from ALL  
  deny from ALL  
  allow from 192.168.123  
  allow from 192.168.123  
&lt;/Files&gt;
</Files>
# Hostname
# Hostname
&lt;Files admin.cgi&gt;
<Files admin.cgi>
  order deny, allow
  order deny, allow
  deny from ALL  
  deny from ALL  
  allow from .networkdomain.com
  allow from .networkdomain.com
&lt;/Files&gt;
</Files>
&lt;/pre&gt;
</pre>
Where ''192.168.123'' is your internal network IP and .networkdomain.com is your Hostname/Domain. You can also switch it to allow from ALL and deny from a list of IPs or Hostnames.Here is a pratical example for advance users:
Where ''192.168.123'' is your internal network IP and .networkdomain.com is your Hostname/Domain. You can also switch it to allow from ALL and deny from a list of IPs or Hostnames.Here is a pratical example for advance users:
&lt;pre&gt;
<pre>
&lt;Files [/path/filename]&gt;
<Files [/path/filename]>
  [Attributes to apply to file...]
  [Attributes to apply to file...]
&lt;/files&gt;
</files>
&lt;/pre&gt;
</pre>


===Limiting Access by User===
===Limiting Access by User===
This part lets you use a .htaccess/.htpasswd user login system that uses cookies. It is not fully safe because the session does not expire until all open broswers are closed so try not to use it much on your site section that needs foul proof security. Here is the code:
This part lets you use a .htaccess/.htpasswd user login system that uses cookies. It is not fully safe because the session does not expire until all open broswers are closed so try not to use it much on your site section that needs foul proof security. Here is the code:
&lt;pre&gt;
<pre>
AuthType Basic
AuthType Basic
AuthName &quot;Restricted Access&quot;
AuthName "Restricted Access"
AuthUserFile /htpasswd/path/to/.htpasswd
AuthUserFile /htpasswd/path/to/.htpasswd
Require valid-user
Require valid-user
&lt;/pre&gt;
</pre>
For this example you places a .htpasswd file in the path (/htpasswd/path/to/). In the .htpasswd file will be: &lt;pre&gt;[user]:[password]&lt;/pre&gt; Normally you have to encrypt the password but if you are using The [[Uniform_Server|Uniform Server]], then you do not need to do that. You ca also use this example to protect another directory from just 1 .htaccess file:
For this example you places a .htpasswd file in the path (/htpasswd/path/to/). In the .htpasswd file will be: <pre>[user]:[password]</pre> Normally you have to encrypt the password but if you are using The [[Uniform_Server|Uniform Server]], then you do not need to do that. You ca also use this example to protect another directory from just 1 .htaccess file:
&lt;pre&gt;
<pre>
&lt;Directory /path/to/&gt;
<Directory /path/to/>
AuthType Basic
AuthType Basic
AuthName &quot;Restricted Access&quot;
AuthName "Restricted Access"
AuthUserFile /htpasswd/path/to/.htpasswd
AuthUserFile /htpasswd/path/to/.htpasswd
Require valid-user
Require valid-user
&lt;/Directory&gt;
</Directory>
&lt;/pre&gt;
</pre>
If you are intrested in doing this for just specific files then use:
If you are intrested in doing this for just specific files then use:
&lt;pre&gt;
<pre>
&lt;Files /path/to/file.ext&gt;
<Files /path/to/file.ext>
AuthType Basic
AuthType Basic
AuthName &quot;Restricted Access&quot;
AuthName "Restricted Access"
AuthUserFile /htpasswd/path/to/.htpasswd
AuthUserFile /htpasswd/path/to/.htpasswd
Require valid-user
Require valid-user
&lt;/Files&gt;
</Files>
&lt;/pre&gt;
</pre>
The ''Require'' statement is used to list valid users or groups of users so if you just want 1 .htpasswd file, but want multiple protected areas, then you can use:
The ''Require'' statement is used to list valid users or groups of users so if you just want 1 .htpasswd file, but want multiple protected areas, then you can use:
&lt;pre&gt;Require user username1 username2 username3...&lt;/pre&gt;
<pre>Require user username1 username2 username3...</pre>
Or if you want to use it in groups then you can use:
Or if you want to use it in groups then you can use:
&lt;pre&gt;
<pre>
AuthGroupFile /htgorups/path/to/.htgroups
AuthGroupFile /htgorups/path/to/.htgroups
Require group groupname1 groupname2 groupname3...
Require group groupname1 groupname2 groupname3...
&lt;/pre&gt;
</pre>
And in the ''.htgroups'' file would be:
And in the ''.htgroups'' file would be:
&lt;pre&gt;
<pre>
Groupname1: username1 username2 username3 ...
Groupname1: username1 username2 username3 ...
Groupname2: username1 username4 username5 ....
Groupname2: username1 username4 username5 ....
&lt;/pre&gt;
</pre>
As you can see a username may be in as many group as you like while others may just be in 1.
As you can see a username may be in as many group as you like while others may just be in 1.



Revision as of 08:39, 24 November 2010

This article will help you understand and build your knowledge of the .htaccess file you see when you run an Apache Web Server like ours.

Note: Article is still under editing

What is a .htaccess file?

It is Apache's directory-level configuration file (as opposed to httpd.conf, which is the main server configuration file) that provides the governing rules of how a web server should be ran/behave. When it is placed in a particular directory, the rules in it apply to that directory and all the subdirectories thereof.

Here is a good tutorial to the use and configuration of the .htaccess file.

What is a .htpasswd file?

The .htpasswd file is a file used to store usernames and passwords for protected areas of a website that use the .htaccess Protection.

Usage and Commands

Here are some examples as to how they can be used.

Change the Default Directory Index File

It can be used to chnage the default index file which is normally index.html, index.ext... to anything like foo.ext or whatever name/extension you prefer. To do this, use:

DirectoryIndex foo.ext home.html home.php foo.php

Customizing Error Handling/Error Pages

If you have ever wondered how people chnage their 404, 500... error pages to something like lost.ext, then you will like this code in your .htaccess file:


ErrorDocument [Error Number] [Error Document]
Error Document 404 /404.html

Where [Error Number] is replaced with the error number, and [Error Document] is replaced with the path fo the error document which can be internal or external as in:

http://www.anothersite.com/foo.ext or /foo.ext

Server Generated URL Redirects

You moved or renamed a directory and you know people still have the old directory bookmarked so you want them to be redirected to the new directory, then you can use this code:

Redirect [Trigger] [New Destination]
Redirect /old http://www.url.com/new
Redirect /old /new

Limiting Access by Hostname/IP Address

Use this section of this article if you are intrested in blocking access to a file/folder on your server:

<Files admin.cgi>
 order deny, allow
 deny from ALL 
 allow from 1.2.3.4 
</Files>

This example denies access to admin.cgi to everyone but the owner of the IP Address mention in 1.2.3.4. You can also use this for a folder, in that case you would replace admin.cgi with the name of the folder. If you are intrested in using the Hostname rather than the IP then use:

<Files admin.cgi>
 order deny, allow
 deny from ALL 
 allow from mymachine.networkdomain.com
</Files>

You can also use it for your whole network to have access to it alone, example:

# IP Number
<Files admin.cgi>
 order deny, allow
 deny from ALL 
 allow from 192.168.123 
</Files>
# Hostname
<Files admin.cgi>
 order deny, allow
 deny from ALL 
 allow from .networkdomain.com
</Files>

Where 192.168.123 is your internal network IP and .networkdomain.com is your Hostname/Domain. You can also switch it to allow from ALL and deny from a list of IPs or Hostnames.Here is a pratical example for advance users:

<Files [/path/filename]>
 [Attributes to apply to file...]
</files>

Limiting Access by User

This part lets you use a .htaccess/.htpasswd user login system that uses cookies. It is not fully safe because the session does not expire until all open broswers are closed so try not to use it much on your site section that needs foul proof security. Here is the code:

AuthType Basic
AuthName "Restricted Access"
AuthUserFile /htpasswd/path/to/.htpasswd
Require valid-user

For this example you places a .htpasswd file in the path (/htpasswd/path/to/). In the .htpasswd file will be:

[user]:[password]

Normally you have to encrypt the password but if you are using The Uniform Server, then you do not need to do that. You ca also use this example to protect another directory from just 1 .htaccess file:

<Directory /path/to/>
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /htpasswd/path/to/.htpasswd
Require valid-user
</Directory>

If you are intrested in doing this for just specific files then use:

<Files /path/to/file.ext>
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /htpasswd/path/to/.htpasswd
Require valid-user
</Files>

The Require statement is used to list valid users or groups of users so if you just want 1 .htpasswd file, but want multiple protected areas, then you can use:

Require user username1 username2 username3...

Or if you want to use it in groups then you can use:

AuthGroupFile /htgorups/path/to/.htgroups
Require group groupname1 groupname2 groupname3...

And in the .htgroups file would be:

Groupname1: username1 username2 username3 ...
Groupname2: username1 username4 username5 ....

As you can see a username may be in as many group as you like while others may just be in 1.