25 Uses for .htaccess page

25 Uses for .htaccess page and 2 downloadable books

Developers Guide - 2015-11-03 - 1134 views

25 Uses for .htaccess page

1. Mod_Rewrite: one of the most useful facets of the .htaccess file is mod_rewrite. You can use the space in the .htaccess file to designate and alter how URLs and web pages on your sites are displayed to your users.

Think about the last time you visited some shopping website, looking for that one specific thing you needed to buy. When you finally reached the page, the URL most likely looked something like this:

gizmo.com/latest_and_greatest/specific_gadgets/exactly_what_youre_looking_for

This is not because this website took the time to set up every single directory you would need to make your purchase, but because of a handy module called Mod_Rewrite. Mod_Rewrite allows you to make custom and simplified URLs as needed. In reality, the actual URL may have looked closer to this:

http://www.gizmo.com/gp/itemB004RYVI0Q/ref=as_li_ss_tl?

This tutorial will go over Activating Mod_Rewrite, Creating and Using the required .htaccess page, and setting up the URL rewrites.

 

2. Basic HTTP Authentication (Protect your folders):

 Although using the .htaccess file does not require as many permissions as accessing the apache2.conf file would require, we can still make effective changes to a site. Once such change is to require a password to access certain sections of the webpage.

 

3. Custom Error Pages: the .htaccess file additionally allows you to create custom error pages for your site. Some of the most common errors are:

  • 400 Bad Request
  • 401 Authorization Required
  • 402 Payment Required (not used yet)
  • 403 Forbidden
  • 404 Not Found
  • 405 Method Not Allowed
  • 406 Not Acceptable (encoding)
  • 407 Proxy Authentication Required
  • 408 Request Timed Out
  • 409 Conflicting Request
  • 410 Gone
  • 411 Content Length Required
  • 412 Precondition Failed
  • 413 Request Entity Too Long
  • 414 Request URI Too Long
  • 415 Unsupported Media Type 
  • 500 Internal Error

Host Server errors:

  • 500 Internal Server Error
  • 501 Not Implemented
  • 502 Bad Gateway
  • 503 Service Unavailable
  • 504 Gateway Timeout
  • 505 HTTP Version Not Supported 

4. Mime Types: In cases where your site features some application files that your server was not set up to deliver, you can add MIME types to your Apache server in the .htaccess file with the following code.

AddType audio/mp4a-latm .m4a

Be sure to replace application and file extension with the Mime Type that you want to support.

 

5. Enabling SSI (Server Side Includes): is a great time-saver on a website. One of the most common uses of SSI is to update a large number of pages with some specific data, without having to update each page individually (for example, if you want to change a quotation at the bottom of a page).

To enable SSI, type the following code into your .htaccess file.

AddType text/html .shtml

AddHandler server-parsed .shtml

 

6. Redirects

 Redirects enable us to direct web site visitors from one document within your web site to another. This is useful for example, if you have moved your web site content and would like to redirect visitors from old links to the new content location.

To set-up redirects, create a .htaccess file following the main instructions and guidance which includes the following text:

Redirect /old_dir/ http://www.yourdomain.com/new_dir/index.html

 

7. Deny visitors by IP address:

The visitor blocking facilities offered by the Apache Web Server enable us to deny access to specific visitors, or allow access to specific visitors. This is extremely useful for blocking unwanted visitors, or to only allow the web site owner access to certain sections of the web site, such as an administration area.

This property is useful for blocking or allowing a specified country by IP.

 

8. Deny visitors by referrer

The visitor blocking facilities offered by the Apache Web Server enable us to deny access to specific visitors based on where they have come from. If you've ever looked at your logs and noticed a surprising increase in traffic, yet no increases in actual file requests it's probably someone pinching content (such as CSS files) or someone attempting to hack your web site (this may simply mean trying to find non public content).

Note, this functionality requires that 'mod_rewrite' is enabled on your server. Due to the demands that can be placed on system resources, it is unlikely it is enabled so be sure to check with your system administrator or web hosting company.

 

9. Hot link prevention techniques

Protect your images or files from outsource using, to reduce the bandwidth usage.

Hot link prevention refers to stopping web sites that are not your own from displaying your files or content, e.g. stopping visitors from other web sites. This is most commonly used to prevent other web sites from displaying your images but it can be used to prevent people using your JavaScript or CSS (cascading style sheet) files. The problem with hot linking is it uses your bandwidth, which in turn costs money, hot linking is often referred to as 'bandwidth theft'.

 

10. Blocking offline browsers and 'bad bots' or ' Rippers':

Offline browsers are pieces of software which download your web page, following the links to your other web pages, downloading all the content and images. The purpose of this is innocent, so the visitor can log off the Internet and browse the site without a connection, but the demand on the server and bandwidth usage can be expensive. Bad bots as they are often called refers to programs which visit your web site, either to source content, look for security holes or to scan for email addresses. This is often how your email address ends up on 'Spam' databases, because they have set a 'bot' to scan the Internet and collect email addresses. These programs and 'bots' often ignore the rules set out in 'robot.txt' files.

 

11. DirectoryIndex uses

The directoryindex command allows you to specify a default page to display when a directory is accessed. For instance, if a visitor requests a directory on your web site, you can specify the file to load when the directory is accessed (if a filename is not specified in the initial request). For example, to display a 'index.html' file rather than showing directory listings or to load a 'index.php' file rather than an 'index.html' file.

 

12. Enable CGI outside of the cgi-bin

If your web server does not allow you to run CGI scripts outside of the 'cgi-bin' directory, you can enable CGI. Check with your system administrator or web hosting company before doing so.

To enable CGI, create a .htaccess file following the main instructions and guidance which includes the following text:

AddHandler cgi-script .cgi

Options +ExecCGI

The above lines tell the Apache Web Server to allow firstly, process '.cgi' files as CGI scripts, and secondly to enable CGI within the directory.

 

13. Disable directory listings

Preventing directory listings can be very useful if for example, you have a directory containing important '.zip' archive files or to prevent viewing of your image directories. Alternatively it can also be useful to enable directory listings if they are not available on your server, for example if you wish to display directory listings of your important '.zip' files.

 

14. Setting server timezone

 

15. Changing server signature

To change the server signature which is displayed as part of the default Apache error documents, use the following code:

ServerSignature EMail

SetEnv SERVER_ADMIN nospace@pleasenospace.com

The example above will simply change the email address which is displayed, this is useful if the default address is not set correctly.

To remove the server signature completely, use the following code:

ServerSignature Off

 

16. Preventing access to your PHP includes files

If you have a directory containing PHP includes, that you do not wish to be accessed directly from the browser, there is a way of disabling the directory using Mod_Rewrite.

 

17. Prevent access to php.ini

If you run the risk of someone accessing your php.ini or php.cgi files directly through their browsers, you can limit access to them using .htaccess.

 

18. Forcing scripts to display as source code

If you need to display scripts as source code, instead of executing, for example to allow review, this can be achieved with the Remove Handler function

 

19. Ensuring media files are downloaded instead of played

It is possible to ensure that any media files are treated as a download, rather than to be played by the browser.

 

20. Setting up Associations for Encoded Files

Some browsers are capable of uncompressing encoded information as they receive it.

 

21. Preventing requests with invalid characters

If you wish, you can use Mod_Rewrite to deny requests containing invalid characters, please be aware that with certain site setups this may break links.

 

22. Change a name of page in your site

If you need to alter the name of your website's pages e.g. from "page.php" to "page.ar".

 

23. Create a sub-domain.

 

24. Accelerate pages and images:

By adjust their update one monthly of types of files you want to adjust on your pages.

ExpiresActive On

ExpiresByType image/gif "access 1 week"

 

 

25. Enable and Disable PHP variables.

 

 

For the brief using methods download the following books:

1. htaccess Guide , Click here to download htaccessGuiade.pdf - 358kb

2. شرح عمل جميع أوامر ملف .htaccess في الموقع بكل بساطة .. للتحميل اضغط هنا htaccess.zip - 23kb

 

References:

https://www.digitalocean.com/community/tutorials/how-to-use-the-htaccess-file

http://www.htaccess-guide.com/

http://www.traidnt.net/vb/traidnt2555180/

No Rights Reserved, Have fun !
Read more 9 Fantastic articles