.htaccess are files (or “distributed configuration files”) which provide a way to make configuration changes on a per-directory basis.<\/p>\n
With the use of .htaccess file we can acheive the\u00a0 below tasks.
\nmake password product, redirect, script enable, index listing, index file.<\/p>\n
There are two main reasons to avoid the use of .htaccess files.<\/p>\n
The first of these is performance. When AllowOverride is set to allow the use of .htaccess files, Apache will look in every directory for .htaccess files. Thus, permitting .htaccess files causes a performance hit, whether or not you actually even use them! Also, the .htaccess file is loaded every time a document is requested.<\/p>\n
Further note that Apache must look for .htaccess files in all higher-level directories, in order to have a full complement of directives that it must apply. (See section on how directives are applied.) Thus, if a file is requested out of a directory \/www\/htdocs\/example, Apache must look for the following files:<\/p>\n
\/.htaccess
\n\/www\/.htaccess
\n\/www\/htdocs\/.htaccess
\n\/www\/htdocs\/example\/.htaccess<\/p>\n
And so, for each file access out of that directory, there are 4 additional file-system accesses, even if none of those files are present. (Note that this would only be the case if .htaccess files were enabled for \/, which is not usually the case.)<\/p>\n
The second consideration is one of security. You are permitting users to modify server configuration, which may result in changes over which you have no control. Carefully consider whether you want to give your users this privilege. Note also that giving users less privileges than they need will lead to additional technical support requests. Make sure you clearly tell your users what level of privileges you have given them. Specifying exactly what you have set AllowOverride to, and pointing them to the relevant documentation, will save yourself a lot of confusion later.<\/p>\n
To enable .htaccess, change the AllowOverride option in the apache conf file accordingly<\/p>\n
AllowOverride All<\/pre>\nInstead of All we can give Options FileInfo, AuthConfig, Limit and None<\/p>\n
The default filename is .htaccess. If we want to change change in the apache httpd.conf file as below.<\/p>\n
AccessFileName .config<\/pre>\nIf you changed the above settings .htaccess enabled. So now place a file with name .htaccess (or any given name) in the web server root directory.<\/p>\n
Before processing that directory apache will look for a file named .htaccess there before doing any processing. If parent directory\u00a0 and sub directory contains same configuration info for sub directory sub directory configuration will be taken.<\/p>\n
Useful commands<\/h2>\n
If file not found error occurred in the directory we can set the default error page to something.<\/p>\n
ErrorDocument 404 \/404.html<\/pre>\nAs mentioned above we can apply the same concept for other error codes also. For example 500 for internal server error, 403 for access denied.<\/p>\n
To disable directory indexes inside the directory add below line to .htaccess file<\/p>\n
Options -Indexes<\/pre>\nTo allow particulat ip address add below code<\/p>\n
allow from 192.168.5.26<\/pre>\n[ Range can also possible like 000.000.000.000,192.168.000.000 ]<\/p>\n
To deny particular ip address<\/p>\n
deny from 192.168.5.26<\/pre>\n[ Range can also possible like 000.000.000.000,192.168.000.000 ]<\/p>\n
To deny from all<\/p>\n
deny from all<\/pre>\nTo specify index file for each folder<\/p>\n
DirectoryIndex index.html index.jsp index.php<\/pre>\nApache will look from left to right, So if index.html not found it will look for index.jsp then index.php<\/p>\n
Also we can redirect a particular directory or particular file to another path\/file in the same server or on any other server. See below<\/p>\n
To Redirect file\/path<\/p>\n
Redirect \/path\/file \/newpath\/file<\/pre>\nRedirect \/file http:\/\/www.google.com<\/pre>\nWhile doing redirect the additional info in the path will be kept as it is. For example after\u00a0Redirect \/test http:\/\/www.google.com\/test<\/span>\u00a0 if we type\u00a0www.oldurl.com\/test\/filepath\/file.png<\/span>\u00a0 it will go to www.google.com\/test\/filepath\/file.png<\/span><\/p>\n
To protect a directory with password add below code<\/p>\n
AuthName \"Name to display while prompting password\"\r\nAuthType Basic\r\nAuthUserFile \"\/full\/path\/to\/.htpasswd\"\r\nRequire valid-user<\/pre>\nTo add the password and user details to .htpasswd file use the htpasswd command as below.<\/p>\n
htpasswd -mc \/full\/path\/to\/.htpasswd username<\/pre>\nTo access the path via script directly with password try with http:\/\/rajesh:rajesh123@localhost\/test<\/span><\/p>\n
Find the options available with htpasswd command to create password below.<\/p>\n
htpasswd [ -c ] [ -m ] [ -D ] passwdfile username\r\nhtpasswd -b [ -c ] [ -m | -d | -p | -s ] [ -D ] passwdfile username password\r\nhtpasswd -n [ -m | -d | -s | -p ] username\r\nhtpasswd -nb [ -m | -d | -s | -p ] username password<\/pre>\n-b\u00a0\u00a0 \u00a0Use batch mode; i.e., get the password from the command line rather than prompting for it. This option should be used with extreme care, since the password is clearly visible on the command line.<\/p>\n
-c\u00a0\u00a0 \u00a0Create the passwdfile. If passwdfile already exists, it is rewritten and truncated. This option cannot be combined with the -n option.<\/p>\n
-n\u00a0\u00a0 \u00a0Display the results on standard output rather than updating a file. This is useful for generating password records acceptable to Apache for inclusion in non-text data stores. This option changes the syntax of the command line, since the passwdfile argument (usually the first one) is omitted. It cannot be combined with the -c option.<\/p>\n
-m\u00a0\u00a0 \u00a0Use MD5 encryption for passwords. This is the default (since version 2.2.18).<\/p>\n
-d\u00a0\u00a0 \u00a0Use crypt() encryption for passwords. This is not supported by the httpd server on Windows and Netware and TPF. This algorithm limits the password length to 8 characters. This algorithm is insecure by today’s standards. It used to be the default algorithm until version 2.2.17.<\/p>\n
-s\u00a0\u00a0 \u00a0Use SHA encryption for passwords. Facilitates migration from\/to Netscape servers using the LDAP Directory Interchange Format (ldif).<\/p>\n
-p\u00a0\u00a0 \u00a0Use plaintext passwords. Though htpasswd will support creation on all platforms, the httpd daemon will only accept plain text passwords on Windows, Netware and TPF.<\/p>\n
-D\u00a0\u00a0 \u00a0Delete user. If the username exists in the specified htpasswd file, it will be deleted.<\/p>\n
passwdfile\u00a0\u00a0 \u00a0Name of the file to contain the user name and password. If -c is given, this file is created if it does not already exist, or rewritten and truncated if it does exist.<\/p>\n
username\u00a0\u00a0 \u00a0The username to create or update in passwdfile. If username does not exist in this file, an entry is added. If it does exist, the password is changed.<\/p>\n
password\u00a0\u00a0 \u00a0The plaintext password to be encrypted and stored in the file. Only used with the -b flag.<\/p>\n","protected":false},"excerpt":{"rendered":"
What is .htacces file? .htaccess are files (or “distributed configuration files”) which provide a way to make configuration changes on a per-directory basis. With the use of .htaccess file we can acheive the\u00a0 below tasks. make password product, redirect, script … Continue reading