Tuesday, May 17, 2011

So What Is .htaccess? Directory Level Configuration File For Apache

If you are in web development or if you have ever hosted a website, then chances are that you have also heard of a file named .htaccess. This post will introduce you to .htaccess and will help you in creating some of the basic rules of the same. First off, you need to know that .htaccess is not the name of the file but it is the extension just like .pdf and .txt.
Let us start by enabling the use of .htaccess for you server (usually this is turned off by default). You have to set the AllowOverride to All from None in the Apache configuration file (placed in /etc/httpd/ or /etc/apache2/ usually). Follow this post on Ubuntu Forum if you need more help.

Redirecting URLs
Now let us start with some simple redirects. Unlike mod_rewrite, the redirects done by .htaccess are visible on the client's address bar. Assuming that you would like to redirect http://abc.com/old.html to http://abc.com/new.html, write the following rule in your .htaccess file:
Redirect /old.html http://abc.com/new.html

The last part has to be the full URL of the new location.

Password Protection
.htaccess can also be used to protect your files and directories with a password. For this, you need to create a .htpasswd file which will consist of usernames and passwords (in encrypted format). .htpasswd should be in the following format:
username1:password1
username2:password2
username3:password3

Now you need to create a .htaccess file and provide the required details in proper format as shown below:
AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /var/www/.htpasswd 
AuthGroupFile /dev/null 
require valid-user 

AuthName is the name of the restriction. You can safely change it to "Provide Password" or any other message. We are using http basic authentication, hence AuthType is Basic. AuthUserFile is the place where I am keeping my .htpasswd file. It is recommended that you should not keep the .htpasswd any your web directory (for me, Fedora user, that is /var/www/html/). The last line says that any valid user can see the content.
You can use this tool to create an .htpasswd and .htaccess easily.

Preventing Directory Listing
If you want to prevent users from seeing what is there in the directory which has no index page, you can use this method to stop the indexing which is on by default. Just add a line into your .htaccess file and you are good to go:
IndexIgnore *

You can use .htaccess to produce a customized error page for every kind of error. Follow the simple sytax below:
ErrorDocument 400 /error/badrequest.html
ErrorDocument 401 /error/pwdreqd.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/notfound.html

You can specify the html inside the .htaccess but I would not recommend it.

Now that you know a little bit about the .htaccess, I would recommend you to go through the Apache Tutorial for the same.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.