HTACCESS: Difference between revisions


Latest revision as of 15:48, 28 March 2019

  • This feature is only available for Professional hosting accounts.
  • This feature is recommended for users of intermediate to advanced levels

What Is It?

.htaccess is a plain text file used to customize some web server settings for your website. It applies a set of configuration options to all files in the directory in which the file is located. These options also apply to subdirectories of that directory, unless a separate .htaccess file in those directories contains different settings.

Cautions

It is important to follow these guidelines when editing .htaccess files:

  • The filename must be exactly .htaccess - you cannot use any other filename.
    • If you have problems renaming a file to .htaccess in Windows, open the file in Notepad, choose "Save as..." and select "All types (*.*)" next to file type. Now type the filename ".htaccess" and click Save.
  • Any rules you set with an .htaccess file will apply to all files in the directory where you have placed the .htaccess file, and any of its subdirectories. The .htaccess rules in the current directory will override any .htaccess rules set in a parent directory.
  • Any typos or mistakes in a .htaccess file may result in an HTTP 500 server error being returned when you try to visit that directory, and may render your entire site offline. If this happens, you can still access your site with the File Manager on your Bravenet.com website manager, or with any FTP program, to undo your changes.
  • .htaccess files are very picky about what you put in them, so please be careful to use exact syntax.

Other Questions

I can't see the .htaccess file in my FTP program.

Any file that starts with a '.' is considered a hidden file on Unix systems. Some FTP programs will not show these 'dot files' by default. Here are some instructions on how to enable hidden files in some of the more popular FTP programs:

  • FileZilla
  1. View -> Show hidden files.
  • Cute FTP
  1. Open the Site Manager (press F4) and click on the name of the relevant site.
  2. Click the Actions tab, then click Filter.
  3. Select the Enable Filtering check box.
  4. In Server side filtering, select the Enable Server Side Filtering check box.
  5. In the Remote Filter box, type -a.
  6. Click OK, then click Connect.
  • WS_FTP Pro (12.4)
  1. Connections
  2. Site Manager
  3. Right click the site to display hidden files, click Properties
  4. Startup tab
  5. In Remote Filter Mask box enter -a

Remember, you can always use the File Manager on our web site manager page to easily upload or edit your .htaccess files.

Using htaccess To...

Add a password to your site

To protect your full folder, you will need two files:

  1. The .htaccess file - this is placed inside the folder you want to protect
  2. The .htpasswd file - this should be placed in a folder on your site where only you have access to edit it

The server path you need to add to the beginning of your AuthUserFile path is located within your Bravenet account. The AuthUserFile path should point to your password file. To get the path, log in to your Bravenet.com account, click on Websites, click on your URL, and then scroll down to the Storage Path. In this example, the storage path is /misc/12/345/678/901/2/user/web/securearea.mysite.org/

You would add the following to your .htaccess file:

AuthUserFile /misc/12/345/678/901/2/user/web/securearea.mysite.org/.htpasswd
AuthName "Private Area"
AuthType Basic
require valid-user

Your .htpasswd file would look something like this:

bravenet:B3nlQW12jcynE
admin:cGyUX9QugYMgE

The passwords stored in the .htpasswd file are encrypted - if you want admin's password to be password, you would first have to run password through a password generator, such as the one at http://www.htaccesstools.com/htpasswd-generator/, getting cGyUX9QugYMgE. This would be the password you would place in the .htpasswd file. Now, when visiting securearea.mysite.org, you would be prompted for a username and password. admin with the password of password would give you access to the site.
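The 13-character values in the sample .htpasswd above have the shape of the traditional crypt() format, which is one of several hash formats an .htpasswd file can hold. The following added example (not part of the original page or Bravenet's tooling) reads an .htpasswd file and reports which format each entry uses; the function names, the rating labels and the extra sample entries are assumptions made for illustration.

```python
import base64
import hashlib
import re

# (scheme, pattern for the hash field, rating). The Apache htpasswd manual
# describes crypt() and SHA as insecure by today's standards; the "legacy"
# label for apr1 is this example's own judgement.
SCHEMES = [
    ("bcrypt", re.compile(r"\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}"), "ok"),
    ("apr1-md5", re.compile(r"\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}"), "legacy"),
    ("sha1", re.compile(r"\{SHA\}[A-Za-z0-9+/]{27}="), "insecure"),
    # Traditional crypt(3): 2 salt characters + 11 hash characters. Only the
    # first 8 characters of the password contribute to the hash.
    ("des-crypt", re.compile(r"[./A-Za-z0-9]{13}"), "insecure"),
]


def classify(hash_field):
    """Return (scheme, rating) for the part of an .htpasswd line after the colon."""
    for scheme, pattern, rating in SCHEMES:
        if pattern.fullmatch(hash_field):
            return scheme, rating
    return "unknown", "review"


def audit_htpasswd(text):
    """Return a list of (line_no, user, scheme, rating), one per entry in text."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are not entries
        user, sep, hash_field = line.partition(":")
        if not sep or not user or not hash_field:
            findings.append((line_no, None, "malformed", "review"))
            continue
        findings.append((line_no, user, *classify(hash_field)))
    return findings


def insecure_users(text):
    """Users whose passwords should be re-hashed with a stronger scheme."""
    return [user for _, user, _, rating in audit_htpasswd(text) if rating == "insecure"]


# Constructed sample. The first two entries are the ones shown on this page;
# the rest are placeholders with the right shape, not real password hashes.
SAMPLE = "\n".join([
    "# constructed sample file",
    "bravenet:B3nlQW12jcynE",
    "admin:cGyUX9QugYMgE",
    "carol:$2y$10$" + "A" * 53,
    "dave:$apr1$abcdefgh$" + "B" * 22,
    "erin:{SHA}" + base64.b64encode(hashlib.sha1(b"example").digest()).decode(),
    "broken-line-without-colon",
])

if __name__ == "__main__":
    for finding in audit_htpasswd(SAMPLE):
        print(finding)
    print("re-hash:", insecure_users(SAMPLE))
```

Entries reported as insecure can be regenerated with Apache's htpasswd tool using its -B (bcrypt) option, assuming the Apache version on the server accepts bcrypt hashes.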

Block another website from linking to yours

Add the following to a .htaccess file in the directory containing the files you want to protect, and change the text "badsite.com" to be the exact name of the website you want to block:

# Answer 403 Forbidden to any request whose Referer starts with http://badsite.com
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://badsite.com(.*)$ [NC]
RewriteRule ^.* - [F,L]
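Before relying on the rule above, it helps to check which Referer values its pattern actually matches. This added example (not from the original page) applies the page's pattern the way RewriteCond with [NC] does, to a set of constructed Referer values, and compares it with a stricter pattern; STRICT_PATTERN, the function names and the sample values are assumptions made for illustration.

```python
import re

# Pattern from the RewriteCond on this page.
PAGE_PATTERN = r"^http://badsite.com(.*)$"

# Assumed stricter variant (not from the page): either scheme, optional
# subdomains, escaped dots, and a host boundary right after ".com".
# As a directive it would read:
#   RewriteCond %{HTTP_REFERER} ^https?://([a-z0-9-]+\.)*badsite\.com(:\d+)?(/|$) [NC]
STRICT_PATTERN = r"^https?://([a-z0-9-]+\.)*badsite\.com(:\d+)?(/|$)"


def is_blocked(referer, pattern):
    """Mimic RewriteCond %{HTTP_REFERER} <pattern> [NC] feeding a [F] rule.

    A request with no Referer header is tested against an empty string.
    The Referer header is supplied by the client, so this is a courtesy
    filter against hotlinking, not an access control.
    """
    return re.search(pattern, referer or "", re.IGNORECASE) is not None


# Constructed Referer values covering the cases worth checking.
REFERERS = [
    "http://badsite.com/gallery.html",   # the case the page has in mind
    "HTTP://BadSite.com/",               # [NC] makes the match case-insensitive
    "https://badsite.com/gallery.html",  # same site over HTTPS
    "http://www.badsite.com/",           # same site with a www. prefix
    "http://badsite.com.example.net/",   # different host sharing the prefix
    "http://badsite-com.example/",       # unescaped "." matches any character
    "",                                  # no Referer header sent
]


def compare(referers=REFERERS):
    """Return (referer, blocked_by_page_rule, blocked_by_strict_rule) tuples."""
    return [
        (r, is_blocked(r, PAGE_PATTERN), is_blocked(r, STRICT_PATTERN))
        for r in referers
    ]


def differing(referers=REFERERS):
    """Referers on which the two patterns disagree."""
    return [r for r, page, strict in compare(referers) if page != strict]


if __name__ == "__main__":
    for referer, page, strict in compare():
        print(f"{referer!r:40} page={page!s:5} strict={strict}")
```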

Use custom error pages

If you would like to have custom error pages, you can add the following to your .htaccess file:

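# Local error pages must start with "/" (path from your site's root folder);
# without it Apache treats the value as a text message, not a page
ErrorDocument 404 /404.php
ErrorDocument 403 /403.php
ErrorDocument 500 /500.php
ErrorDocument 401 /401.php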

Now if someone visits, for example, www.yoursite.com/this_page_does_not_exist they will get served 404.php as an error page instead of the default 404_not_found.html page.

Enable or disable error reporting in PHP

Add the following lines to your .htaccess file to enable error reporting:

Options +FollowSymlinks
RewriteEngine on
# Show PHP errors in the page output
php_flag display_errors on
# 7 = E_ERROR | E_WARNING | E_PARSE
php_value error_reporting 7

We have display_errors set to "on" by default for all users - this is to help inform you of problems when you are working on your site. You may want to turn that off when you are ready to show your site off to the world - use the following to disable errors:

php_value display_errors 0

When errors are disabled, the visitor will only see a blank page when an error is encountered, instead of several lines of PHP code and error messages.

Enable the "Register Globals" PHP flag

Add the following only if your PHP code specifically requires this setting. It does have some security implications, so you should only use it if you need to. In addition, this setting will no longer be an option once PHP 6.0 is released, so please consider staying clear of PHP code that requires this setting.

php_value register_globals 1

Limiting access to your website based on IP address

Add the following to a .htaccess file in the directory you want to protect:

# allow access to just two ips
Order Allow,Deny
# my home ip, my work ip
allow from 168.55.55.11 58.66.12.79

Be careful, as you may lock yourself out of your own site. If this happens, you can always access your site with an FTP program or with our File Manager tool and remove or modify the .htaccess file. People who are blocked from your site will be shown the 403 error page (by default 403_forbidden.html).

Similarly, to block people at specific IP addresses from accessing your site, you could add the following to your .htaccess file:

# Block all access from 192.168.10.5
Order Deny,Allow
Deny from 192.168.10.5

Hide .php extensions to make your website address look cleaner

If you want to hide .php extensions to make your site appear more "clean" you can add the following to a .htaccess file:

Options +MultiViews

Now, for example, instead of seeing http://yoursite.com/dem.php?forum=1 you would see http://yoursite.com/dem?forum=1. Be careful with this though, as it can lead to unexpected results. As always, test your changes thoroughly!

Add a MIME type to the webserver

Adding a MIME type to the server allows visitors to your website to be prompted to open files directly in the correct application. For example, if you have some Java programs on your website, and want visitors to be able to run those programs directly in Java Web Start, you would add the following to your .htaccess file:

AddType application/x-java-jnlp-file JNLP

Enable compression for PHP files

Bravenet uses compression on certain files to make downloading websites a lot faster. However, we leave some files uncompressed to avoid certain errors. If you would like to enable compression on everything, add the following to your .htaccess file. Make sure to test your entire site if you enable this option - some code does not like this setting.

# enable compression for everything 
SetOutputFilter DEFLATE

Enable PHP processing in non-.php files

If you have a file with PHP code in it whose filename doesn't end in .php (say, example_file.php5), you can force the web servers to treat it as PHP anyway:

AddType application/x-httpd-php .php5

You can put in any extension you want instead of .php5. Note that putting .html or .htm will force the server to process *all* HTML files as PHP, which is significantly slower than the normal way of processing these files.

Redirect HTTP to HTTPS

# Redirects http:// traffic to https://
# Bravenet uses a reverse proxy, hence X-Forwarded-Proto
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

WordPress root folder redirection

When installing WordPress with our Software Installer, it's not possible to install to your root folder, so you will need to choose a folder. If you want your installation to load when visiting a root address (i.e. subdomain.yourdomain.com instead of its installed path), you will need to configure your .htaccess file as follows:

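     # BEGIN WordPress redirect
     <IfModule mod_rewrite.c>
     RewriteEngine On
     # Only rewrite requests that are not already under /wordpress/
     RewriteCond %{REQUEST_URI} !^/wordpress/
     # ...and that do not name an existing file or directory
     RewriteCond %{REQUEST_FILENAME} !-f
     RewriteCond %{REQUEST_FILENAME} !-d
     RewriteRule ^(.*)$ /wordpress/$1
     # Send the bare root address to the WordPress front page
     RewriteRule ^(/)?$ /wordpress/index.php [L]
     </IfModule>
     # END WordPress redirect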

Assuming your WordPress installation path is yourdomain.com/wordpress, this code in the .htaccess file in your root directory will redirect your domain address to your WordPress installation folder, while keeping yourdomain.com as the address in your browser's address bar.

Make sure to force-refresh the page with CTRL-F5. If the changes are still not visible, clear your browser's cache of temporary files.

Resources

http://www.htaccesstools.com/

  • This website has an excellent .htaccess generator, and more information about .htaccess files.

http://www.htaccesseditor.com/

  • Another tool to create .htaccess files

http://httpd.apache.org/docs/2.3/misc/rewriteguide.html

  • Apache's rewrite guide has more information on using rewrite rules.