htaccess

htaccess (hypertext access), A file that also allows us to define different configuration directives for each directory (with their respective subdirectories) without the need to edit the main Apache configuration file.

 

Summary

[ hide ]

  • 1 Example
  • 2 Frequent uses of .htaccess
    • 1 Restrict access to directories
    • 2 Restrict access to IPs or ISPs
    • 3 Creation of Friendly URLs (semantics)
    • 4 Handle server errors.
    • 5 Create static redirects
    • 6 Control Cache
    • 7 Avoid Hotlink
    • 8 Force Domain with or without WWW
  • 3 External links

Example

# / home / user1 / directory1 / -> Configuration 1 -> Semantic or friendly URLS (maximum two levels).

# / home / user1 / directory2 / -> Configuration 2 -> Restriction, private directory.

# / home / user2 / directory1 / -> Configuration 1 -> Semantic or friendly URLS (maximum five levels).

# / home / user2 / directory1 / -> Configuration 2 -> Deny access to a range of IP’s

#

# …

#

# ” / path / directoryX / ” -> Configuration x

Many advantages follow from the examples listed above. First of all, it should be noted that the direct defined in the .htaccess are instantly reflected in the directories so there is no need to restart apache. It allows different users to easily adapt the apache server to their needs, having only medium levels of privilege.

Frequent uses of .htaccess

The file.htaccess offers a universe of possibilities, we detail below the most frequent uses.

  • Restrict access to directories
  • Restrict access to IPs or ISPs
  • Creation of Friendly URLs (semantics)
  • Handle server errors.
  • Create static redirects
  • Control Cache
  • Avoid hotlink
  • Force domain without WWW

Restrict access to directories

In many places I have seen how to protect web directories on an Apache server through htaccess. The issue is that by default, in Apache, the AllowOverride directive will not be found in none and with this assignment the server will skip the htaccess file, with which our mechanism to protect a folder will not work. The states that the AllowOverride directive can take are Authconfig, Fileinfo, Indexes, Limit, Options, All and none.

We can see a detailed explanation of how each one works here. But in any case, if what we want is to implement an authentication mechanism we should use the AllowOverride directive with the Authconfig value. The next steps would be to create the .htaccess file in the folder to protect with something like this:

AuthUserFile  /etc/apache/.htpasswd

AuthType Basic

AuthName  “Restricted website”

require valid-user

To create the file with the logins:

htpasswd -c /etc/apache/.htpasswd myUserName

Considering taking the credentials file out of the web directory and also fine-tune the permissions.

Restrict access to IPs or ISPs

order allow, deny

deny from [WRITE-IP]

deny from [WRITE-IP]

allow from all

Creation of Friendly URLs (semantics)

# Enable the

RewriteEngine  on

RewriteBase / module

 

# Do not rewrite images or css (although the <base> tag could be used inside the html)

RewriteRule \. (Css | jpe? G | gif | png) $ – [L]

RewriteRule ^ ([az] {2}) / ([az \ -0-9] +) / ([az \ -0-9] +) \. html $ /user/index.php ? langCode = $ 1 & view = $ 2 & title = $ 3 [L]

 

# Rule consisting of 3 simple regular expressions, \ .html $ add suffix.html

# Sample URLs

 

# http://dominio.com/es/articulo/urls-amigables-htaccess.html

# http://dominio.com/en/article/semantic-urls-htaccess.html

Handle server errors.

ErrorDocument  500 http://foo.example.com/debug/

ErrorDocument  404  /error/404.php

ErrorDocument  401  /info.html

ErrorDocument  403  “Today is Christmas, leave the Internet for a while and go say hi to your family”

Create static redirects

redirect  301  /directorioViejo/archivoVidejo.htm http://www.dominio.com//2015NEW-URL]

Control Cache

Header set Cache-Control “public”

Header set Expires “Thu, 15 Apr 2010 20:00:00 GMT”

Header unset Last-Modified

Avoid Hotlink

RewriteCond % {HTTP_REFERER}! ^ $

RewriteCond % {HTTP_REFERER}! ^ Http: //domain.com$ [NC]

RewriteCond % {HTTP_REFERER}! ^ Http: //domain.com/.*$ [NC]

RewriteCond % { HTTP_REFERER}! ^ Http: //www.domain.com$ [NC]

RewriteCond % {HTTP_REFERER}! ^ Http: //www.domain.com/.*$ [NC]

RewriteRule . * \ . (gif | jpg | jpeg | png | bmp) $  –  [F, NC, L]

Force domain with or without WWW

Options + FollowSymlinks

RewriteEngine  on

RewriteCond % {HTTP_HOST} ^ www \. (. *) [NC]

RewriteRule ^ (. *) $ Http: //% 1 / $ 1 [R = 301, NC, L]

 

Leave a Comment