Raghu
Joined: 12 Mar 2009
Posts: 29
|
 Posted: Thu Aug 13, 2009 12:48 pm Post subject: uses and utilisation of .htaccess |
 |
|
.htaccess
An htaccess file is a simple ASCII file. You would create through a text editor like NotePad or SimpleText. So many people to have some confusion about the naming convention for the file. .htaccess is the extension file. It is not file.htaccess or any thing, it is a simple like named .htaccess
Advantages of .htaccess
Password protection
Blocking users by IP
Preventing directory listing
Custom error pages,
Change your default directory page
In order to create the file, open up a text editor and save an empty page as .htaccess. Your editor will append its default file extension to the name i.e., for Notepad it would call the file .htaccess.txt. You need to remove the .txt file extension in order to get yourself htaccessing yes, You can also rename it via telnet or your ftp program, and you should be familiar enough with one of these so as not to need explaning.
Htaccess files must be uploaded as ASCII mode, not BINARY. You may need to CHMOD the htaccess file to 644. This makes the file usable by the server, but prevents it from being read by a browser, which can seriously compromise your security. If you have password protected directories, if a browser can read the htaccess flle, then they can get the location of the authentication file and then reverse engineer the list to get full access to any portion that you previously had protected.
Most commands in htaccess are meant to be placed on one line only, so if you use a text editor that uses word-wrap, make sure it is disabled or it might through in a few characters that annoy Apache to no end.
It is important to note that this can be prevented (if, for example, you did not want certain htaccess commands to affect a specific directory) by placing a new htaccess file within the directory you don't want affected with certain changes, and removing the specific command(s) from the new htaccess file that you do not want affecting this directory.
For example,
Customize Error Messages
In order to specify your own customized error documents, you simply need to add the following command, on one line, within your htaccess file:
ErrorDocument code /directory/filename.ext
or
ErrorDocument 404 /errors/notfound.html
This would cause any error code resulting in 404 to be forward to yoursite.com/errors/notfound.html
Likewise with:
ErrorDocument 500 /errors/internalerror.html
You can also specify HTML, believe it or not!
ErrorDocument 401 "<body bgcolor=#ffffff><h1>You have
to actually <b>BE</b> a <a href="#">member</A> to view
this page, Colonel!
Password protection
The first thing you will need to do is create a file called .htpasswd. I know, you might have problems with the naming convention, but it is the same idea behind naming the htaccess file itself, and you should be able to do that by this point.
a username and password of wsabstract (and I do not recommend having the username being the same as the password), the htpasswd file would look like this:
wsabstract:y4E7Ep8e7EYV
Change your default directory page
DirectoryIndex filename.html
This would cause filename.html to be treated as your default page, or default directory page. You can also append other filenames to it. You may want to have certain directories use a script as a default page. That's no problem too!
DirectoryIndex filename.html index.cgi index.pl default.htm
Prevent viewing of .htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
The first line specifies that the file named .htaccess is having this rule applied to it. You could use this for other purposes as well if you get creative enough.
Redirects
htaccess uses redirect to look for any request for a specific page (or a non-specific location, though this can cause infinite loops) and if it finds that request, it forwards it to a new page you have specified:
Redirect /olddirectory/oldfile.html http://yoursite.com/newdirectory/newfile.html |
|
