.htaccess

From SonicWiki
Jump to: navigation, search

What is .htaccess?

The .htaccess file is a special file that Apache webservers use to configure how files will be treated in a particular directory. It is a text file that contains Apache configuration directives. A full listing of these can be found at the Apache website.

How do I set up custom error messages?

When a bad web request is made, the web server will reply with an error message. There are a number of possible error messages that can be returned, each of with has an error code associated with it. These errors include

    • 400 = Bad Request. Usually a mangled communication between the browser and server.
    • 401 = Authorization Required. If the user cancels a password request, this error is generated.
    • 403 = Forbidden. If indexing is turned off, and/or the server can not show/access the directory.
    • 404 = Page not found. The requested URL goes to a non-existant file or directory.
    • 500 = Internal Server Error. Mostly likely a script error.

These are the most commonly seen error codes when browsing the World Wide Web. Instead of using the default Sonic.net error messages, you can use your own custom messages. This can be done by placing the following text in your .htaccess file:

ErrorDocument CODENUMBER URL

For example, if you would like all "not found" errors to display the file located at http://login.users.sonic.net/404.html, you would use the following code:

ErrorDocument 404 http://login.users.sonic.net/404.html

401 (authentication required) errors require a relative path to function properly. For example:

ErrorDocument 401 /401.html

Full information regarding the ErrorDocument directive can be found at http://www.apache.org/docs/mod/core.htmlerrordocument

How do I stop people from direct-linking to my images?

If you find that people are "stealing" images directly from your website (e.g. linking to your content from their webpages), you can do something about it. First, you would need to identify the problem by inspecting your web logs. Information on interpreting your logs can be found in the Webalizer FAQ. If you find that some of your images are being loaded far more often than your webpages are, there may be somebody leeching bandwidth off of you. This can be prevented by placing the following code into your .htaccess file:

SetEnvIfNoCase Referer "sonic\.net" local_ref=1
SetEnvIf Referer "^$" local_ref=1
<FilesMatch "\.(gif|jpg)">
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>

This will specifically deny access to any file whose name ends with ".gif" or ".jpg" if the referring URL is not from "sonic.net" or if no referrer is provided.

If you have Basic Hosting for your domain name, you will want to replace "sonic\.net/" with "yourdomain\.tld" instead (where "tld" is the top-level domain such as "com" or "net" or "br" or "jp"). Similarly, if you use filenames such as ".jpeg" or ".jpe" or alternate file formats such as ".png" you will want to add them to the "(gif|jpg)" portion (for all of the above, "(jpg|jpe|jpeg|gif|png)" would be appropriate).

Information on the "FilesMatch" directive can be found at http://httpd.apache.org/docs/mod/core.htmlfilesmatch. An alternate method of protecting files from direct-linking can be found at http://alistapart.com/articles/hotlinking/ which uses PHP.

How do I redirect traffic to a new URI?

As with other .htaccess techniques, this involves editing a plaintext file named ".htaccess" in your web directory. In this file, type the following:

Redirect [old] [full URI of new]

Where "[old]" is the relative path to the old content, and [full URI of new] is the full URI of where you would like the traffic to end up. For example, if you wanted to redirect traffic from http://login.users.sonic.net/directory1/ to http://login.users.sonic.net/directory2/, you would use the following:

Redirect directory1/ http://login.users.sonic.net/directory2/

As always, you can have multiple directives in the same .htaccess file. You should always end a .htacess file with a single empty line (hit the [return] key twice after you type the above text).

You can also forward your domain to another website, or to a name-based web host, by following the instructions for Domain Forwarding.

How do I password protect one of my web directories?

You can password protect your web directories through use of a .htaccess file.

Compose a .htaccess File

Create the standard plaintext file called .htaccess in the directory that you want to password protect. It should look like this:

AuthUserFile /home/WWW_pages/loginname/password-dir/.htpasswd
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic
<Limit GET>
require user name
</Limit>

Then make sure you have one blank line at the bottom of your .htaccess file, otherwise you will get a Malformed Header message.

Change the following information:

AuthUserFile
Change: /home/WWW_pages/loginname/password-dir/ to the full path of the directory that you will be putting the password file into.
Change loginname to your Sonic login name.
AuthName
Change ByPassword to something unique. This will usually be shown when a browser prompts for a password.
<LIMIT GET>
If you want to allow other methods (particularly in CGI directories), you can specify them separated by spaces in the LIMIT directive. For example:

<LIMIT GET POST PUT>
require user pumpkin
</LIMIT>

Change name to the name of the user that will be accessing your protected web directory.

Create the password file

At your shell prompt, type: htpasswd -c /home/WWW_pages/loginname/password-dir/.htpasswd name

Where /home/WWW_pages/loginname/password-dir/.htpasswd is the same path you specified in the .htaccess file and name is the user name you put in your .htaccess file.

Now the program will ask you to type in the password twice.

How do I give access to a directory to more than one username/password pair?

Follow the directions for the single user [passwd above], except for the following modifications:

Modify the AuthGroupFile and require lines in the .htaccess file in the directory to look like this:

AuthUserFile /home/WWW_pages/loginname/password-dir/.htpasswd
AuthGroupFile /home/WWW_pages/loginname/password-dir/.htgroup
AuthName ByPassword
AuthType Basic
<Limit GET>
require group my-users
</Limit>

Then make sure you have one blank line at the bottom of your .htaccess file, otherwise you will get a Malformed Header message.

Create a group file

Name the group file .htgroup and put it in the directory that you specified in the AuthGroupFile line, then enter the following information:

my-users: name1 name2 name3

Where name is the name of the user you want to add.

Use the htpasswd command without the -c flag to add additional users as shown here:

htpasswd /home/WWW_pages/loginname/password-dir/.htpasswd
name1
htpasswd /home/WWW_pages/loginname/password-dir/.htpasswd
name2
htpasswd /home/WWW_pages/loginname/password-dir/.htpasswd
name3

Where /home/WWW_pages/loginname/password-dir/.htpasswd is the full path to the password file, and name is the name of the user you want to add.

After each name the program will ask you twice for the password.

Why do I get a Malformed Header error message when I access my protected directory?

There could be several reasons why the server would return an error message to you. The most common are:

  • You need to have one blank line at the end of your .htaccess file.
  • The .htaccess file has to be in the directory that is is going to password protect.
  • If you used a graphical HTML editor to make your web page, then it probably changed some of your code.

Often HTML editors will replace the < and > with &lt; and &gt; so your code is not parsed by the web browser. You need to change the &lt; and &gt; with < and > in your HTML file and save it again. If your HTML editor won't allow

For you to do this, then you will need to use a text editor like Notepad or Simpletext.

Make sure your file matches the the code above.

How do I remove a user?

Open the .htpasswd file in a text editor and delete the line that starts with the user's name. The file should look something like this:

sally:v3l0KWx6v8mQM
harry:x4DtaLTqsElC2

Then save and close the .htpasswd file.

How do I add a user?

To have multiple users, you must use a [ht2 group file]. If your .htaccess file is already set up for a group, then you just need to type the following at the shell prompt:

htpasswd .htpasswd harry

Is there a cool tool to help me use htaccess?

.htaccess Password Tool (thanks to derk@sonic.net)

Please note that programming, including .htaccess, is unsupported by our Customer Service team.

Why do I get a Malformed Header error message?

There could be several reasons why the server would return an error message to you. The most common are:

  • You need to have one blank line at the end of your .htaccess file.
  • There may be a typo or syntax error in the .htaccess file itself. Carefully inspect the content of the file.
  • The .htaccess file may not actually be in a plain-text format. Many text editors will save formatting information in addition to the text.
  • When uploading the .htaccess file to the Sonic.net web servers, it is necessary to use the ASCII transmission mode. If this is not done, the file may use linefeed characters that will be interpreted as typos when the .htaccess file is read by the server.