Non-scientific poll: .htaccess files

December 01, 2003 | Category: Our Thoughts

Summary: .htaccess files and how you use them

Sunny was asking me today if I could help him with his .htaccess files. Seeing how I do not use them except for some referral stuff, I was of very little help. So I was hoping there were some people who could help all of us non-htaccess people by telling us what you use the .htaccess file for and maybe throw in some code for examples. I am very curious to see the power of this file as it is something I myself have yet to delve deeply into.


Comments

#1

I generally use it to restrict access to some directories but here is the official .htaccess guide from Apache http://httpd.apache.org/docs/howto/htaccess.html

Flexer (http://cute.mozdev.org)

#2

Hi,

the .htaccess files can be used to configure the mod_rewrite module for Apache which allows url rewriting.

See the reasons why one should use it (http://www.useit.com/alertbox/990321.html) and how to use it (http://httpd.apache.org/docs/mod/mod_rewrite.html).

Hope it helps.

JMF (http://www.dyingculture.net)

#3

I found this *after* I'd read the docs for .htaccess so I don't know how well it works.

http://www.bitesizeinc.net/index.php/htaccesser.html

pete (http://www.monkiboi.net)

#4

.htaccess is great in conjunction with mod_rewrite to do redirects (eg to make search engine-friendly URLs for dynamic content), and to make ban lists for bad robots and spammers. However it's voodoo so you can do pretty much anything. Bring plenty of chickens!

This is definitely from an .htaccess newbie, but might be a start:
http://oli.boblet.net/2003/11/13/voodoo
http://oli.boblet.net/2003/11/19/cron
http://oli.boblet.net/2003/11/28/linkage

oli (http://oli.boblet.net/)

#5

You can also set the "default" file for your site.

When working with dynamic files, I prefer to use the file extensions .view and .info for business-logic and config files (respectively). This increases security, because users don't know what server-side technology you're using.

So my sites always have an "index.view" file, rather than index.php/.html/.shtml

I do this in the .htaccess file as follows:

# Use this line for SSI pages:
AddHandler server-parsed .view .info

# Use this line for PHP
AddType application/x-httpd-php .view .info

# Directory Indexing
DirectoryIndex index.view

dysfunksional.monkey (http://dysfunksion.co.uk)

#6

You might also find this useful as a start:
http://wsabstract.com/howto/htaccess.shtml

dysfunksional.monkey (http://dysfunksion.co.uk)

#7

We used to write loads of Flash games at message. We started to find a number of games portals deep linking to them and passing them off as their own without permission. As well as stealing our content, they were also stealing our bandwidth.

To get around this we set up a rewrite rule that would rewrite a URL if it was linked to from outside our domain. We rewrote this URL so it pointed to another Flash file that told people that the site they were on was stealing our content and that if they wanted to play our games they were more than welcome to visit our game site.

We also used to manage a members only site and found that quite a few passwords started appearing on password sharing boards. Again we used a rewrite rule to bounce anybody being referred to the members area from an external site to the join page.

Andy Budd (http://www.andybudd.com/blog/)
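The two referer rules described in the comment above, sketched as an added example (this is not Andy Budd's actual configuration); the host example.com and the paths /games/, /members/, /notice/hotlinked.swf and /join.html are assumed names, and the file is assumed to sit in the document root. The Referer header is supplied by the client, so rules like these cut down casual deep linking and traffic from shared links but are not access control.

```apache
RewriteEngine On

# Games: a request for a .swf under /games/ that arrives with a Referer
# from another site is answered with a notice movie instead of the game.
# An empty Referer (typed URL, bookmark, privacy proxy) is let through.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]
# The notice file lives outside /games/, so the rewritten request does
# not match this rule again and cannot loop.
RewriteRule ^games/.+\.swf$ /notice/hotlinked.swf [L]

# Members area: anyone referred from an external site is sent to the
# join page with an external redirect. The join page is outside
# /members/ for the same loop-avoidance reason.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]
RewriteRule ^members/ /join.html [R=302,L]
```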

#8

.htaccess files are great. When it comes to Apache.

Unfortunately, my web site finds itself sitting on Zeus servers, which by most counts appear better than Apache.

They do allow .htaccess files, but what you can do with them is limited.

Currently I use it simply to direct 404's to an error page. I would like to use it for URL rewriting but, annoyingly, I can't.

Patrick Griffiths (http://www.htmldog.com/ptg/)

#9

To follow up on what dysfunksional.monkey said, I also find it useful to remove the extensions from files completely to make URLs a little easier to display.

You can also use .htaccess to parse all .html files for SSI calls, which can slow down things slightly as far as the server is concerned, but is really useful if you're just using one or two per page, rather than naming the files .shtml

Don't forget about modifying the PHP config file, you can use the 'php_value' to modify the different settings in the server-wide php.ini file for those times that you don't have access to make changes to that file directly.

On top of those, it's also great to specify error pages (just don't forget they have to be a certain size or Internet Explorer won't pick them up), block IP addresses (or whole IP blocks, as you see fit), make use of MOD_REWRITE and other tricks.

jarrod (http://textbased.com/)

#10

Does anyone have some sample code for mod_rewrite that would automatically bring up a page whenever I go to a directory like /archives?

Scrivs (http://www.9rules.com/whitespace/)

#11

Wait, never mind, I think dysfunksional.monkey already posted the code.

Scrivs (http://www.9rules.com/whitespace/)

#12

It's nice to be able to use .htaccess to control php.ini settings in a virtual hosting environment.

If you've got a million unique visitors and one less-than-perfect piece of code, the error log can quickly fill itself to the point of bringing the server down to its knees.

# record errors, notices, and warnings once
php_flag ignore_repeated_errors on

Ro

#13

I use htaccess for a high-traffic phpbb forum I manage to keep the bandwidth usage down and keep load times fast for users by setting expire dates on images:

htaccess file contains nothing but this:
ExpiresActive On
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"

IIUC, the browser, once these files are loaded, will not even attempt to put a request for them in a normal session (force-refresh will rerequest, as will cleaning the cache). So traffic drops a good bit and images load instantaneously; but if you change any images, you need to use different filenames or many people will still see the old one.

About the only other thing I use it for (by hand, anyway) is redirects. I redirect errors to error pages and on one site I did in fusebox, I made "friendly" Marketing type URLs... /models would redirect to /index.php?fuseaction=home.models and so on

JC (http://www.thelionsweb.com/weblog)

#14

Plugging for a friend... Hmmm ;)

SitePoint Forums (http://sitepointforums.com/) has a resident mod_rewrite guru (pippo - http://sitepointforums.com/member.php?u=11964) who is a good online friend of mine.

Check out the mod_rewrite FAQ of his (http://sitepointforums.com/showthread.php?t=117343) and I'm pretty sure if pippo (real name Andrea) isn't too busy, you'll get a reply to mod_rewrite questions asked in the Apache Configuration forum (http://sitepointforums.com/forumdisplay.php?f=199) rather soon.

Of course, do your homework first before asking any questions.

Cheah Chu Yeow (http://blog.codefront.net/)

#15

I use .htaccess to
- tell Apache to run php code in .html files
- configure mod_rewrite
- restrict access to some directories
- redirect errors to custom error pages

Roger (http://www.456bereastreet.com)

#16

Thanks folks! I delved into this wholeheartedly at the moment and two simple discoveries (at least for me it's pretty cool):

Prevent Directory Listing:
Options -Indexes

Default Directory Page:
DirectoryIndex index.php index.xml

What the above chunk of code does is for every directory, it makes the index.php (or whatever other extension) the default page. Notice there is an index.xml also. You can add as many parameters, as it will cycle through each one. Of course the filename can also be anything (instead of index.php, scrivs_is_cool.php, or whatever).

The above two are simple enough security procedures, just add it to your .htaccess file and drop it in your root directory or wherever apropos.

Add to this, hot link prevention, and you are all set.

Hot Link prevention:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourowndomain\.com/.*$ [NC]
RewriteRule \.(png|gif|jpg)$ - [F]

For the more adventurous, who love to have a custom error page, this will do.

Custom 404 Error Page:

ErrorDocument 404 /errors/notfound.html

Make sure that the error page has useful information, that guides the reader. Also, an IE5 bug (again!) doesn't load your customized error page if it is smaller than 600 bytes, so make sure it has enough text in it.

The above should be enough security for most websites, and at the moment is adequate enough for my purposes. But as Scrivs tells us to always learn, I will continue more into rewriting and redirects. More on this will be forthcoming.

Sunny (http://www.thesunreport.org/)

#17

Glad to see you learned something from all of this Sunny :)

Scrivs (http://www.9rules.com/whitespace/)

#18

"Also, an IE5 bug (again!) doesn't load your customized error page if it is smaller than 600 bytes, so make sure it has enough text in it."

That's not a bug, actually, it's a feature. If it's less than 600 bytes it assumes the error page did not load properly. Same behaviour for any error page, not just 404s. I think the intent was that servers throwing errors may have problems running properly or may be overloaded and better to show a default page than a broken error page that might not even display anything.

One extremely important item...
do *not* put a 404 redirect in... until you have the page it's going to. Depending on how your server is configured, you get either a polite Apache 404 or an infinite loop on the server.

Spoken from experience

JC (http://www.thelionsweb.com/weblog)

#19

You can also use htaccess to format your directory listings instead of blocking them. Choose which fields to display and what icons to use and add a header and footer and so on.

http://evolt.org/article/A_Cheesy_htaccess_Tutorial/18/226/evolt.org#b
http://httpd.apache.org/docs/mod/mod_autoindex.html

Good for file download folders. Not terribly useful for most people, but I've seen it done to good effect.

JC (http://www.thelionsweb.com/weblog)
