Board index Linux Apache

Moderator: chandranjoy


Postby chandranjoy » Wed Mar 17, 2010 6:54 pm

Use of .htaccess

Using with .htaccess we can do following:

How to deny IP specific addresses?

# vi /home/user/public_html/.htaccess

Order allow, deny
Deny from
Deny from 212.155.
Deny from
Allow from all

How to prevent or allow directory listing?

The following line enables Directory listing.

Options +Indexes

The following disables directory listing for your web site.

Options –Indexes

With .htaccess file you can control which files to be ignored when creating a directory list.
For example:
IndexIgnore *.gif *.zip *.txt

Will make the apache server to skip all gif, zip and txt files from the directory list.
IndexIngnore *

Will just create an empty directory list.

You can use custom error pages for any error as long as you know its number (like 404 for page not found) by adding the following to your .htaccess file:

ErrorDocument errornumber /file.html

For example if I had the file notfound.html in the root direct
ory of my site and I wanted to use it for a 404 error I would use:
ErrorDocument 404 /notfound.html

Protecting a folder:

cd /home/user/public_html/

htpasswd -c .htpasswd username

the above command will create .htpasswdfile

To password protect a folder on your site, you need to put the following code in your .htaccess file:

AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "My Secret Folder"
Require valid-user

Protecting a file:

To password protect just a single file in a folder, use the following .htaccess file:

AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "My Secret Page"

<Files "mypage.html">
Require valid-user

Hotlink Protectection:

You can prevent the hot-linking of your images by creating a .htaccess file with the following content:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?*$ [NC]
RewriteRule \.(gif|jpe?g|png)$ - [F]

To block other type of files, just add their extension to the list above. For example to block movie files:

RewriteRule \.(mov|avi|wmv|mpe?g)$ - [F]

The Hot-Linking prevention is based on an Apache module called ModRewrite.

The Apache web server provides several way for setting up redirects.

The most simple one is using the “Redirect” directive:

Redirect /folder

With such a line in your .htaccess if a visitor tries to load

he will be redirected to

You can add a status code to the Redirect directive. For example for Permanent 301 redirect you can use:

Redirect permanent /folder

Another useful directive is the RedirectMatch. With it you can use regular expressions in the redirect condition. For example

RedirectMatch "\.html$"

This will redirect all requests to files that end with .html to the index.php file.

Introduction to mod_rewrite and some basic examples:
Create easy to remember URLs or also known as COOL URIs, other call them Search Engine Friendly URLs. For example you have some complicated site driven by some server-side scripting language: PHP, Perl, etc. In general its URLs will look like ... 20&lang=en

It is not easy to remember such URL.

Using ModRewrite you can make the URL look like:

Here is the code:

RewriteEngine On
RewriteRule ^([a-z]*)/([a-z]*)/([1-9]+)(-[1-9]+)? $

Force SSL/https using .htaccess and mod_rewrite:

Sometimes you may need to make sure that the user is browsing your site over securte connection. An easy to way to always redirect the user to secure connection (https://) can be accomplished with a .htaccess file containing the following lines:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$

Please, note that the .htaccess should be located in the web site main folder.

In case you wish to force HTTPS for a particular folder you can use:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} somefolder
RewriteRule ^(.*)$

The .htaccess file should be placed in the folder where you need to force HTTPS.

301 Permanent redirects for parked domain names:

If you have several domain names parked/pointed at your site it is a good idea to create permanent 301 redirect for them so for the search engines not to treat them as duplicate content.

Here is a sample .htaccess that will do that:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^$ [OR]
RewriteCond %{HTTP_HOST} ^$
RewriteRule ^(.*)$

And even more generic solution would be:

RewriteEngine on
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^(.*)$

Enable CGI, SSI with .htaccess :

As .htaccess is a powerful tool. It gives you option to change the way the webserver serves your files. On most web hosting servers you can use SSI (Server Side Includes) in shtml, or shtm files.

However, you need to use SSI in your .html and htm files. There is an easy solution for this.
Just add the following line in your .htaccess file:
AddHandler server-parsed .html .htm

This line will tell the server to parse your .htm file as SSI and execute any SSI directives you have there.

You can also use .htaccess to enable CGI scripts execution as well as change the default extension for such files as well.

For Perl/CGI scripts you will need:

AddHandler cgi-script .cgi .pl

To make PHP files to be parsed as PHP when PHP is running as module:

AddType application/x-httpd-php .html .htm

To make PHP files to be parsed as PHP when PHP is running as CGI (suexec, etc)
AddHandler application/x-httpd-php .html .htm

How to add Mime-Types using .htaccess:

In case your web hosting account is not configured to server certain mime types with the proper content type. You can change this using .htaccess file.

For example if you need to configure your server to display ASX files:

AddType video/x-ms-asf asf asx

For windows media audio WMA
AddType audio/x-ms-wma .wma

A comprehensive list of mime-types can be found here

There is one more useful feature of the AddType directive. Most of you most probably know that Internet Explorer opens MS Word, Excell, PDF and some other files inside a browser window. To force the browser to download the file you can use AddType to change the document type:
AddType application/octet-stream .doc .xls .pdf

Change default directory page:

On most web servers there is a pre-defined set of file names which server a start page.
The most commonly used are: index.html, default.html, index.php, index.asp, etc.

The good news is that you can set your custom file to be a start page of your site using .htaccess.

For example the following line set home-page.html as a main page of your site:

DirectoryIndex home-page.html

The DirectoryIndex directive can accept more than one name:

DirectoryIndex home-page.html Home.html, index.html index.php index.cgi

So when a visitors goes to, the first page to be loaded will be the home-page.html if it cannot be found the server will look then for Home.html, index.html, etc until it finds a match.

Block Bad robots, spiders, crawlers and harvesters:

We can block unwanted search engine bots using with .htaccess.

SetEnvIfNoCase user-agent "^BlackWidow" bad_bot=1
<FilesMatch "(.*)">
Order Allow,Deny
Allow from all
Deny from env=bad_bot

Change PHP variables using .htaccess:

The ones that can be changed with .htaccess are the ones marked with: PHP_INI_PERDIR or PHP_INI_ALL. The ones marked as PHP_INI_SYSTEM cannot be changed via .htaccess files.

The syntax is pretty simple:
php_flag [variable_name] [value]

For example if you need to turn off register_globals:
php_flag register_globals off

If you need to change the PHP include path:
php_value include_path ".:/usr/local/lib/php:/your_include/path"

The include_path string starts with a dot “.” And then each additional path is separated with a semi colon. (e.g. .:/path1:/path2:/path3)
Site Admin
Posts: 283
Joined: Fri Oct 23, 2009 11:19 pm

Return to Apache

Who is online

Users browsing this forum: No registered users and 1 guest