Good tutorial http://fragments.turtlemeat.com/htaccess.php

Table of contents

· What is .htaccess for?

· .htaccess syntax

Forbidding access:

· Forbidding all files

· Allow access from a certain IP address

· Forbid access from a certain IP address

· Forbidding a group of files by mask

· Forbidding a particular file

Setting a password:

· Password for a directory

· Password for one file only

· Password for a group of files

· Checking access rights to three directories two of which are subdirectories


Redirections:

· Redirecting a visitor to another URL

· Displaying different pages depending on the visitor’s IP address

· Redirecting a user when he requests certain pages

· How to change the default page

· How to make Apache process SSI directives

· How to process Apache errors yourself?

· How to forbid the contents of a directory to be displayed if it has no index file?

· Is it possible to specify the default encoding of files the browser receives them in?

· Is it possible to specify the encoding of uploaded files?

Frequent errors:

· I created the .htaccess file, but the server returns 500 – Internal Erorr

Programs list for managing of the Apache servers

· What programs do exist for managing of the Apache servers? (Apache GUI)

What is .htaccess for?

When you type an address in the address bar of your browser, your computer receives files that your browser displays. The web server controls which files and how should be displayed (sent) to you. The two most popular servers are IIS and Apache.

Like any other software, a web server has certain settings. However, as an Apache user, you may have no (and if we talk about virtual hosting, most probably you will have no) rights to change the Apache configuration using its main configuration files that affect all server users. But you can modify some configuration files that affect only your website. One of such files is .htaccess.

It is a flexible Apache web server configuration file. “Flexible” means that as soon as you modify anything in this file, the changes are applied immediately. You can use it to redefine a lot of directives from the file httpd.conf (this file is the main configuration file in Apache and it affects absolutely all users of this Apache copy). In those cases when you have no access to the Apache configuration file (exactly in case of virtual hosting), it is this file that will help you.

A web user cannot access this file using the browser. If the .htaccess file is located in the root directory of the server, it affects the entire server except those directories where other .htaccess files are stored (and except all their subdirectories).

Example:

using .htaccess fileYour directories have the following structure on the server:

The directories ‘user1’ and ‘user2’ will be subdirectories for the user directory. If we put the .htaccess file in the ‘user’ directory, it will automatically affect directories ‘user1’ and ‘user2’.

We save another .htaccess file to the ‘data’ directory, this file is different from the one stored in the ‘user’ directory. The .htaccess file located in ‘data’ will affect the directories ‘data1’ and ‘data2’.

Now we save another .htaccess file that is different from the one stored in the directory 2 levels higher (the ‘user’ directory) to the ‘user2’ directory. As a result, the settings of the ‘user2’ directory will be defined only by the .htaccess file located in this directory.

Since most often Apache is configured in such a way that it always searches each directory for this file, .htaccess will help you quickly reconfigure the server without stopping it.

.htaccess syntax

Here is the required syntax. If you do not observe it, it will result in server errors.

— paths to files (directories) are specified from the server root. Example: /opt/home/www.site.com/htdocs/config/.htpasswd
— domains with protocols specified. Example: Redirect / http://www.site.com

The file name is exactly “dot” htaccess. It must be in the UNIX format (ASCII mode).

How to forbid visitors to read files from a directory?

Forbidding all files:

deny from all

Allow access from a certain IP address:

order allow deny
deny from all
allow from

In this case, stands for a specific address. For example:

order allow deny
deny from all
allow from 192.126.12.199

Forbid access from a certain IP address:

order allow deny
deny from all
deny from

Using is similar to the example above.

Forbidding a group of files by mask:


order allow,deny
deny from all

Defines access to a file by its extension. For example, forbidding web visitors to access files with the “inc” extension:


order allow,deny
deny from all

In this example the Apache server can access files with this extension.

Forbidding a particular file:

You can forbid a particular file using its name and extension.


order allow,deny
deny from all

This example forbids the file config.inc.php to be accessed.

Setting a password

Password for a directory:

AuthName "Private zone"
AuthType Basic
AuthUserFile /pub/home/your_login/.htpasswd
require valid-user

AuthName will be displayed for the user and can be used to explain authentication request. The value of AuthUserFile defines the location where the file with passwords for accessing this directory is stored. This file is created by a special tool named htpasswd.exe contained in Apache

For example, we create the following .htaccess file in the protected directory:

AuthName "For Registered Users Only"
AuthType Basic
AuthUserFile /pub/site.com/.htpasswd
require valid-user

In this example, the user requesting this directory will read the message “For Registered Users Only”, the file with passwords for access must be stored in the directory /pub/site.com/ and it must be named .htpasswd . The directory is specified from the server root. If you specify the directory incorrectly, Apache will not be able to read the .htpasswd file and nobody will get access to this directory.

Password for one file only:

Similar to protecting a whole directory with a password, you can set a password for one file only. An example of setting a password to the file private.zip:


AuthName "Users zone"
AuthType Basic
AuthUserFile /pub/home/your_login/.htpasswd

Password for a group of files:

Similarly, you can use to set password for files by mask. An example of setting a password for accessing all files with the “sql” extension:


AuthName "Users zone"
AuthType Basic
AuthUserFile /pub/home/your_login/.htpasswd

Checking access rights

Task: there is a directory named a1 containing two subdirectories (a2, a3), there are two access levels for users. The first group can access only a1 and a2, the second group can access all three directories. You should perform authentication only once – when accessing a1, but observe access rights for а2 and а3.
The username and password are requested only once while accessing а1 – if the user has access to а2, the password it not requested again. If the user has no access to а3, he will see the message “Enter the password”.

www.site.com/a1
www.site.com/a1/а2
www.site.com/a1/a3

a1 – common and protected at the same time
а2 and а3 only for certain users.

The .htaccess file for the directory а1:

AuthName "Input password"
AuthType Basic
AuthUserFile "/pub/home/your_login/htdocs/closearea/.htpasswd"

require valid-user

The .htaccess file for the directory а2:

AuthName "Input password"
AuthType Basic
AuthUserFile "/pub/home/your_login/htdocs/closearea/.htpasswd"

require user user1 user2 user3

The .htaccess file for the directory а3:

AuthName "Input password"
AuthType Basic
AuthUserFile "/pub/home/your_login/htdocs/closearea/.htpasswd"

require user user1 user4 user5

How to redirect a visitor?

Redirecting to another URL:

To redirect a visitor to http://site.com, add the following to .htaccess

Redirect / http://www.site.com

Displaying different pages depending on the visitor’s IP address:

SetEnvIf REMOTE_ADDR REDIR="redir"
RewriteCond %{REDIR} redir
RewriteRule ^/$ /another_page.html

For example, redirecting visitors with IP 192.12.131.1 to the page about_my_site.html:

SetEnvIf REMOTE_ADDR 192.12.131.1 REDIR="redir"
RewriteCond %{REDIR} redir
RewriteRule ^/$ /about_my_site.html

Redirecting a visitor when he request certain pages:

It is already for all network viruses and scanners. Now any request with the address /_vti_bin will be automatically redirected to Microsoft:

redirect /_vti_bin http://www.microsoft.com
redirect /scripts http://www.microsoft.com
redirect /MSADC http://www.microsoft.com
redirect /c http://www.microsoft.com
redirect /d http://www.microsoft.com
redirect /_mem_bin http://www.microsoft.com
redirect /msadc http://www.microsoft.com
RedirectMatch (.*)cmd.exe$ http://www.microsoft.com$1

How to change the default page?

To change the page that will be displayed when a visitor access a directory, write:

DirectoryIndex

It is possible to specify several pages:

DirectoryIndex index.shtml index.php index.php3 index.html index.htm

How to make Apache process SSI directives?

SSI allows you to “assemble” a page using its parts. You have the code of the menu in one part, the code of the header in another part and the footer in a third part. And the visitor sees a usual page consisting of the code stored in your parts.

Some settings in httpd.conf are required.

Add Includes to the Options directive in the block starting with and ending with .

After that add the following to the .htaccess file:

AddHandler server-parsed .shtml .shtm .html .htm

How to process Apache errors yourself?

The most interesting and useful Apache errors are 403-404, 500.

403 – the user has not been authenticated, access denied (Forbidden).
404 – the requested document (file, directory) is not found.
500 – internal server error (for example, an error in the syntax of the .htaccess file).

For the user to see your own error messages for these error, add the following to .htaccess:

ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html

If error 404 occurs, the user receives the file errors/403.html.

It is convenient to create your own handler for some errors. Add the following to .htaccess:

ErrorDocument 403 /errors/error.php?403
ErrorDocument 404 /errors/error.php?404
ErrorDocument 500 /errors/error.php?500

Determine the document that caused error in error.php using $HTTP_SERVER_VARS[‘REQUEST_URI’] and process it then. If .htaccess contains the file with the full path for ErrorDocument (http://site.com/error.php), $HTTP_SERVER_VARS[‘REQUEST_URI’] will contain this file instead of the one that caused the error.

Internet Explorer 5.0 incorrectly processes the error file if it is smaller than 1 kilobyte. It opens the standard IE 404 page.

How to forbid the contents of a directory to be displayed if it has no index file?

Suppose all graphics used on your site is stored in the ‘img’ directory. A visitor can type the address of this directory in his browser and see the list of all your image files. Of course, it will not cause any damage, but you might forbid the visitor to view this directory as well. Add the following to .htaccess:

Options -Indexes

Is it possible to specify the encoding of all file the browser receives documents in by default?

When the Internet only came to existence and first browsers appeared, it often happened that the browser could not automatically determine which of the Russian encodings a document was written in and the browser displayed a complete mess. To avoid it, specify that all pages will be encoded in Windows-1251:

AddDefaultCharset windows-1251

Is it possible to specify the encoding of uploaded files?

When a visitor uploads a file to the server, it is possible to recode it. To do it, specify that all uploaded files will be encoded in Windows-1251:

CharsetSourceEnc windows-1251

Frequent errors

I created the .htaccess file, but the server returns 500 – Internal Error

There is an error in its syntax or the file is saved in the wrong format.


Sometimes when working with an image you want to make a certain color transparent. When working with a gif file this would make a round circle look round on any color background. This is actually very simple once you do it once. Finding the information for this took me a while so I thought I would pass it on to anyone that was interested.

1. Open your image in the gimp.

2. Right click the image and go to LAYERS then TRANSPARENCY then ADD ALPHA CHANNEL. You won’t notice anything happening, but don’t be concerned. It basically adds a transparent layer at the bottom of your image so when we erase the colors…..it’s shows the transparent layer. Which of course would show whatever was under it on the screen.

3. Right click on the image again and go to SELECT and then down to BY COLOR. A window that is all black opens up. Don’t change any of the settings….just use the defaults for now.

4. Now click on the color in the image you want to be transparent. These colors will now show up outlined.

5. Right click on the image again and go to EDIT and then down to CLEAR. This should now erase the outlined color you just picked from the image and the “transparent gimp checkerbox” should show through. This is the Gimps way of showing you that section is now transparent.

6. Right click on the image and choose SAVE AS and make sure to save as a GIF file if you want the transparency to work on the web.

Another fun feature that can be used while using the SELECT and BY COLOR ….. instead of hitting CLEAR you can FILL W BG COLOR or the other one FILL W FG COLOR ……….. this allows you to change the colors over the entire image instantly for the particular pixel color you choose to start with. Very fast and fun once you figure this out.