htaccess talk

8/13/2019 Htaccess Talk

1/20

What can you do w i th .h taccess?

Lots!


2/20


3/20

When to use?

#nly if you do not have access to mainapache config file

$f possible place configuration in a

%&irectory' section of main config file erformance *ecurity issues

llows configuration changes without a

server restart What you can put in these files is

determined by the llow#verride

directive.


4/20

+ow they a re app l ied?

pplies to current , all subdirectories

-ultiple .htaccess file are mergedincluding with main config

pplied from top to bottom

&eeper files have predecence


5/20

What can you do?

-ost configuration directivesheck http/00httpd.apache.org0docs01.10mod02uickreference.html

Look at onte3t line in manual
http://httpd.apache.org/docs/2.2/mod/quickreference.htmlhttp://httpd.apache.org/docs/2.2/mod/quickreference.html


6/20

ommon 4ses

5estict ccess

based on password

bassed on $ and0or domain

ustom 6rror ages

6nable **$

dd additional -$-6 types

7orce download

45L 5ewriting


7/20

5est r i c t !ccess by $( 0&omain

# deny all except those indicatedorder deny,allowdeny from allallow from !"$%"&'"()*

allow from "+domain"com"+


8/20

5e2u i re (assword

# password.protect the directory in which

# this htaccess r/le resides0/thType 1asic0/th2ame 3This directory is protected30/thUser4ile -home-path-"htpasswd

5e6/ire 7alid./ser


9/20

5e2u i re (assword o r ! l l ow $(

# password.protect directory for e7ery 8P# except the one specified

0/thType 1asic0/th2ame 3This directory is protected30/thUser4ile -home-path-"htpasswd5e6/ire 7alid./ser

0llow from ))"(("''"&&Satisfy 0ny


10/20

(assword f i l e h in ts

4se an #nline generatorhttp/00www.the8ackol.com0scripts0htpasswdgen.php

lace password file outside of documentroot or hide with configuraton
http://www.thejackol.com/scripts/htpasswdgen.phphttp://www.thejackol.com/scripts/htpasswdgen.php


11/20

(revent access to a spec i f i c f i l e

# pre7ent 7iewin9 of a specific file


12/20

(revent access to mu l t ip le f i l etypes


13/20

ustom 6r ro r (ages

# ser7e c/stom error pa9esError?oc/ment %** http@--foo"example"com-c9i.1in-testerError?oc/ment $*$ -c9i.1in-1adA/rls"plError?oc/ment $* -s/1scriptionAinfo"htmlError?oc/ment $* 3Sorry canBt allow yo/ access today3


14/20

6nab le ** $

0ddType text-html "html0ddType text-html "shtml0ddCandler ser7er.parsed "html0ddCandler ser7er.parsed "shtml


15/20

!dd add i t i ona l - $-6 types

# add 7ario/s mime types0ddType application-x.shocDwa7e.flash "swf0ddType 7ideo-x.fl7 "fl70ddType ima9e-x.icon "ico


16/20

7orce down load

# instr/ct 1rowser to download m/ltimedia0ddType application-octet.stream "a7i0ddType application-octet.stream "mp90ddType application-octet.stream "wm70ddType application-octet.stream "mp


17/20

5ewr i t ing 45Ls w i th mod9rewr i te

7irstly a warning about mod9rewrite/

Despite the tons of examples and docs, mod_rewrite

is voodoo. Damned cool voodoo, but still voodoo.--Brian Moore

:his module uses a rulebased rewriting engine(based on a regulare3pression parser) to

rewrite re2uested 45Ls on the fly.


18/20

#ld domia in to new domain

# redirect from old domain to new domain5ewriteEn9ine On5ewrite5/le ;"+= http@--www"new.domain"com- F5*,LH


19/20

;rowser sn i f f i ng

# 1roswer sniffin9 7ia htaccess en7ironmental 7aria1les

5ewriteEn9ine On5ewriteIond JKCTTPAUSE5A0GE2T :oMilla"+5ewrite5/le - -index.for.moMilla"html FLH5ewriteIond JKCTTPAUSE5A0GE2T Lynx"+5ewrite5/le - -index.for.lynx"html FLH5ewrite5/le - -index.for.all.others"html FLH


20/20

5efe rences

pache onfigurationhttp/00httpd.apache.org0docs00mod0directives.htmlhttp/00httpd.apache.org0docs01.10mod0directives.html

pache .htaccess tutorialhttp/00httpd.apache.org0docs0>?0>

htaccess talk

Documents