Welcome!

Apache Authors: Elizabeth White, Pat Romanski, Liz McMillan, Christopher Harrold, Janakiram MSV

Blog Feed Post

.htacess file tutorial – useful tips

For those who are unfamiliar with .htaccess file, here is  the basic info:

 .htaccess (hypertext access) is the default name of a directory-level configuration file that allows for decentralized management of web server configuration. The .htaccess file is placed inside the web tree, and is able to override a subset of the server's global configuration; the extent of this subset is defined by the web server administrator.The original purpose of .htaccess was to allow per-directory access control (e.g. requiring a password to access the content), hence the name. Nowadays .htaccess can override many other configuration settings, mostly related to content control, e.g. content type and character set, CGI handlers, etc.

Following are some basic tips and uses of .htaccess file, I think every webmaster should at least have an idea of the power and usefulness of .htaccess file.

1. Create a custom error page.

.htaccess makes it easy to create your own custom error pages. Just create your custom error page files and then add this code to your .htaccess file:

ErrorDocument 401 /401.php 
ErrorDocument 403 /403.php 
ErrorDocument 404 /404.php 
ErrorDocument 500 /500.php 

(you should replace the “/500.php” or whatever with your own file path and name.)


2. Prevent directory browsing.

If you don’t include an index file in a directory, visitors can browse the directory itself. But preventing that is as easy as adding a single line to your .htaccess file:


Options All –Indexes

 
3.Block access to your .htaccess file

By adding he following code to your htaccess file will prevent attempts to access your htaccess file. This extra layer of security protects your htaccess file by displaying a 403 error message on the browser.


# secure htaccess file
<Files .htaccess>
 order allow,deny
 deny from all
</Files>

 
4. Set the default page of each directory.

If you don’t want to use an index page in each directory, you can set the default page visited when someone reaches (like an about page or a page offering the newest content) that directory by adding this:

DirectoryIndex news.html 


(And of course you’d replace the “news.html” bit with whatever you want to use as the default.)

 
5.Redirect everyone to different site except few IP

If you want to redirect all the visitors to a different IP. Also give access to certain  few IPs. You can use the code below:

ErrorDocument 403 http://www.youdomain.com
Order deny,allow
Deny from all
Allow from 124.34.48.165
Allow from 102.54.68.123

 
6.Redirect Visitors While You Update Your Site

Update and test your site while visitors are redirected to the page of your choice:

order deny,allow
deny from all
allow from 123.123.123.123

ErrorDocument 403 /page.html

<Files page.html>
allow from all
</Files>


Replace 123.123.123.123 with your IP address. Also replace page.html with the name of the page you want visitors to see.

 
7.Disguise your file types.

You can disguise all of your file types by making them appear as PHP files. Just insert this snippet in:

ForceType application/x-httpd-php 

 
8.Protect your site from hotlinking.

The last thing you want is for those stealing your content to also be able to embed the images hosted on your server in their posts. It takes up your bandwidth and can quickly get expensive. Here’s a way to block hotlinking within htaccess:

view plaincopy to clipboardprint?
RewriteEngine On 
RewriteCond %{HTTP_REFERER} !^$ 
RewriteCond %{HTTP_REFERER} !^
http://([ -a-z0-9]  \.)?domain\.com [NC] 
RewriteRule \.(gif|jpe?g|png)$ - [F,NC,L] 


(Of course you’ll want to replace the domain\.com with your own domain name.)

 
9.Restrict file upload limits for PHP:

You can restrict the maximum file size for uploading in PHP, as well as the maximum execution time. Just add this:


php_value upload_max_filesize 10M 
php_value post_max_size 10M 
php_value max_execution_time 200 
php_value max_input_time 200 

Line one specifies the maximum file size for uploading; line two is the maximum size for post data; line three is the maximum time in seconds a script can run before it’s terminated; and line four is the maximum amount of time in seconds a script is allowed to parse input data.

 
10.Force a file to download with a “Save As” prompt.

If you want to force someone to download a file instead of opening it in their browser, use this code:

AddType application/octet-stream .doc .mov .avi .pdf .xls .mp4

 
11.Redirect to a secure https connection

If you want to redirect your entire site to a secure https connection, use the following:


view plaincopy to clipboardprint?
RewriteEngine On 
RewriteCond %{HTTPS} !on 
RewriteRule (.*)
https://%{HTTP_HOST}%{REQUEST_URI}

 
12.Block script execution.

You can stop scripts in certain languages from running with this:

Options –ExecCGI 
AddHandler cgi-script .pl .py .php .jsp. htm .shtml .sh .asp .cgi

Just replace the types of scripts you want to block.

 
13.Set up a 301 redirect.

If you move around the structure of your site and need to redirect some old URLs to their new locations, the following bit of code will do so for you:

view plaincopy to clipboardprint?
Redirect 301 /original/filename.html
http://domain.com/updated/filename.html


 Important Note:


1-Be careful of spelling- .htaccess is not forgiving of spelling errors.
2-htaccess is case sensitive. If something is shown in the examples with a capital letter, make sure it’s capitalized in your htaccess file.


For readers interested in advance knowledge, I will recommend the following guides:


While preparing this article, I have taken benefit from many good tutorials on the web,like:


Read the original blog entry...

More Stories By Mohsin Khawaja

Mohsin Khawaja is a Internet Marketing Manager at Intellectual Works.He occasionally writes on various IT topics along with various SEO, SEM and Internet Marketing articles.
http://www.linkedin.com/in/khmohsin

IoT & Smart Cities Stories
DXWorldEXPO LLC announced today that ICC-USA, a computer systems integrator and server manufacturing company focused on developing products and product appliances, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City. ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of ...
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or per...
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...