Common .htaccess Rules

By Joe Gardiner Tuesday, 7th September 2010


In the Apache web server, the .htaccess file is a configuration file that enables local management of the web server.

The .htaccess file in a shared environment allows a user to change specific configuration settings local to their web directory, and override the central Apache configuration settings. There is a .htaccess guide specifically for vCluster available: Introduction to .htaccess and .craccess.


Why would you want to do that?

Every time a web request is made on a user's share of a web server, the .htaccess file is read, so configuration changes take effect instantly, unlike the main Apache configuration, which requires a restart for any changes to take effect. Letting users configure their local Apache settings is usually preferable to giving them access to the main Apache settings, which would be unthinkable in a shared environment!

An .htaccess file can be placed in each directory on a user's share, allowing configuration per directory. Redirects and password protection can then be applied to single directories and easily changed, without compromising security by allowing access to the central Apache configuration: a major benefit for the user and the system administrator!



What can I do with .htaccess?

Custom error pages

Custom error pages allow you to apply your site's theme to error pages for broken links or misspelt URLs, maintaining a professional look for your website. Error documents can be used for numerous types of error pages:

  • Bad request – 400
  • Authorisation required – 401
  • Forbidden – 403
  • Page not found – 404
  • Server error – 500

Open your .htaccess file and add the following for each custom error page you wish to use.

ErrorDocument 400 /errordocs/error400.htm
ErrorDocument 401 /errordocs/error401.htm
ErrorDocument 403 /errordocs/error403.htm
ErrorDocument 404 /errordocs/error404.htm
ErrorDocument 500 /errordocs/error500.htm

All that remains is to create the error files in an errordocs directory, or similar. The errordocs directory is relative to the document root of the server, so in the above example errordocs is a sub-directory of the document root, or in vCluster’s case the http folder.



Password protection

Adding password protection for particular parts of your site, or the site as a whole, allows you to only give access to users with valid usernames and passwords, limiting access to your content. To password protect your site you need the following lines in your .htaccess file and another file called .htpasswd which I cover a bit further down:

AuthName "The text you want to appear on the prompt box."
AuthType Basic
AuthUserFile "/root directory/.htpasswd"
require valid-user

AuthName: you can change the text inside the quotes to anything you like. This text will be displayed on the username and password prompt box, so something like “enter your details” would be appropriate.

AuthUserFile: the path on this line points to the .htpasswd file, which contains all the username and password information. Replace it with the full path to your own .htpasswd file.

require: the valid-user value is very important. It tells Apache to accept any user listed in the .htpasswd file who supplies the correct password, which saves you from having to list every individual username that is valid.

Whichever directory you place the .htaccess file in will be password protected. If you place the file in your root directory your whole site will be protected.

.htpasswd

A file named .htpasswd needs to be created at the location given by the AuthUserFile directive on line 3 of the .htaccess example.

The file lists the username and password for each valid user, although the passwords are stored in encrypted (hashed) form instead of insecure clear text. The .htpasswd file will look like this:

joebloggs:R5iG9QasV41p0
mrdesres:f87Jq2VH7esL9
johnsmith:98Hkdg3T01WfgV

When a user attempts to log in, Apache checks the password they enter against the stored value. You can use plenty of online tools to encrypt a password for adding to your .htpasswd file. I think this one does the job well: 4WebHelp Encryption Tool. It outputs the exact line you need to add to your .htpasswd file including the username and colon.
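A quick way to audit an existing .htpasswd file is to classify each entry by the format of its stored value. The script below is an added example, not part of the original article; it uses the three entries shown above plus constructed placeholder lines for the other formats Apache accepts, and the rating labels are this example's own.

```python
import re

# Constructed sample: the three entries shown above, then constructed
# placeholder values (not real hashes) for the other accepted formats.
SAMPLE = """\
joebloggs:R5iG9QasV41p0
mrdesres:f87Jq2VH7esL9
johnsmith:98Hkdg3T01WfgV
alice:$apr1$CONSTRUCTED$placeholderplaceholder1
bob:{SHA}Q09OU1RSVUNURURwbGFjZWhvbGRlcg==
carol:$2y$10$CONSTRUCTEDplaceholderCONSTRUCTEDplaceholderCONSTRUCTEDpl
broken line without a colon
"""

# Traditional crypt() output: 2 salt characters + 11 hash characters.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

def classify(stored):
    """Map the stored password field to (scheme, rating)."""
    if stored.startswith("$2y$"):
        return "bcrypt", "ok"
    if stored.startswith("$apr1$"):
        return "apr1-md5", "dated"
    if stored.startswith("{SHA}"):
        return "sha1", "weak"       # unsalted SHA-1
    if DES_CRYPT.fullmatch(stored):
        return "des-crypt", "weak"  # only the first 8 password characters count
    return "unrecognised", "review"

def audit(text):
    """Return one (line_no, user, scheme, rating) tuple per non-blank line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        user, sep, stored = line.partition(":")
        if not sep or not user or not stored:
            findings.append((line_no, None, "malformed", "review"))
            continue
        findings.append((line_no, user, *classify(stored)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Entries rated weak or dated can be regenerated locally with Apache's own htpasswd utility (htpasswd -B writes bcrypt), which also avoids typing the password into a third-party site.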



mod_rewrite

CatN vCluster has the Rewrite module installed by default, enabling the Rewrite Engine in your .htaccess file. Check that this is the case with your web host before attempting to use the Rewrite Engine!

Mod_rewrite allows you to hide the server level requests being made by the user from the URL displayed in their browser. For example they may be requesting…

http://www.adomain.co.uk/panel.php?position=top

…but the URL they see will look like…

http://www.adomain.co.uk/panel/top

…much prettier!

To tidy up URLs like this, we need to add a few lines to the .htaccess file that match the tidy, slash-separated path and map it back onto the real script and query string.

RewriteEngine on
RewriteRule ^panel/([^/.]+)/?$ panel.php?position=$1 [L]

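See all those text characters above? ^panel/([^/.]+)/?$ is a regular expression: it matches panel/ followed by one or more characters that are neither a slash nor a dot, with an optional trailing slash, and $1 in the substitution carries the captured text. You can view regular expression syntax in this reference document: Regular Expressions Reference.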
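To see exactly which request paths the rule above rewrites, and what ends up in the position parameter, the following added example (not from the original article) replays the rule over constructed paths. STRICT_RULES is a hypothetical allow-list variant introduced here for comparison.

```python
import re

# Rule from the page. In .htaccess context the pattern is matched against
# the path relative to the directory, e.g. "panel/top" (no leading slash).
PAGE_RULES = [(r"^panel/([^/.]+)/?$", "panel.php?position=$1")]

# Hypothetical stricter variant: an allow-list instead of "anything but / and ."
STRICT_RULES = [(r"^panel/([a-z0-9-]+)/?$", "panel.php?position=$1")]

def rewrite(path, rules=PAGE_RULES):
    """Return the internal target for a request path, or None if no rule matches."""
    relative = path.lstrip("/")
    for pattern, substitution in rules:
        match = re.search(pattern, relative)
        if match:
            # Expand mod_rewrite's $N back-references with the captured groups.
            return re.sub(r"\$(\d)",
                          lambda ref: match.group(int(ref.group(1))),
                          substitution)
    return None

# Constructed request paths.
SAMPLE_PATHS = ["/panel/top", "/panel/top/", "/panel/top/extra",
                "/panel/a.b", "/panel/a'b", "/panel/left-2"]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{p!r:22} page={rewrite(p)!r} strict={rewrite(p, STRICT_RULES)!r}")
```

The page's character class only excludes / and ., so a value such as a'b reaches panel.php unchanged and the script still has to validate position itself. The rewrite is cosmetic rather than an access control, since panel.php remains directly requestable with its query string.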



Redirect visitors

You can re-direct visitors who are after a particular directory on your website to another directory using the .htaccess file. This may be useful to direct visitors to a newer version of a page without having to update links throughout your site.

Re-directing is very easy to do, and you can set up multiple re-directs for as many site directories as you want. Add the following lines to your .htaccess file for each re-direct you require.

Redirect permanent /adirectory /thenewdirectory
Redirect permanent /afile.php /thenewfile.php

The basic rule is to add the current/old location first and the desired new location second. This method can be used for domains as well, for example:

Redirect permanent /afile.html http://yourdomain.co.uk/thenewfile.html


Blocking IP addresses

You can use your .htaccess file to block a specific IP address or a range of addresses. For example, you may wish to block all users from a particular company. It is worth remembering that this technique relies upon static IP addresses, and that home users will often be accessing the internet from a dynamic IP.

Blocking an IP address or range is very easy to do and only requires one additional line in your .htaccess file for each address or range. The first line below blocks a single address; the second blocks every address beginning with 123.123:

Deny from 123.123.123.123
Deny from 123.123


Default page loading

You can specify the file to load by default from each directory of your web site. To enable this you need to place an .htaccess file in each directory you wish to specify the default file for. You can have numerous .htaccess files throughout your site directories. Remember the section on password protecting directories? This is another example of when you may want per-directory .htaccess settings.

Use the following line to specify the default file to load.

DirectoryIndex index.php

Just replace index.php with your required default file. You can also specify multiple files to load, and the order in which to try them. This is very simple and similar to the previous line.

DirectoryIndex index.php index.html index.asp

The above line will tell Apache web server to try and load index.php, and if this file cannot be loaded then attempt to load index.html, and again if this file is not present then load index.asp.



Resources

The apache.org documentation for .htaccess files is a useful introduction and outlines situations suitable for using .htaccess as well as those not so suitable! Have a look at this page: “.htaccess files”.

The site www.htaccesstools.com offers some great tools for generating .htaccess files as well as relevant articles such as redirection for mobile devices.

If you run into any problems configuring your .htaccess file leave a comment or contact me at support@catn.com for further assistance.

