tutes-dump/site-tutorials/htaccess.html

331 lines
11 KiB
HTML

<style type="text/css">
#toc div { font-size: 150%; }
code { background-color: #ddd; padding: 2px; }
</style>
<h1>.htaccess recipes</h1>
<div id="toc">
<div>Contents</div>
<ol>
<li>
<a href="#intro">Introduction</a>
</li>
<li>
<a href="#recipes">Recipes</a>
<ol>
<li><a href="#redir-error">Redirect to a custom error page</a></li>
<li><a href="#deny-dir">Deny directory listing</a></li>
<li><a href="#addtype">Add (or force) MIME-type</a></li>
<li><a href="#no-ext">Access files without specifying the extension
<ul><li><a href="#add-ext">I want to access files without
extension, but my (cgi|pl|php) is not found</a></li></ul></li>
<li><a href="#remove-handler">Serve .pl .php .cgi etc. as plain text files</a></li>
<li><a href="#download">Force a download with a specific filename</a></li>
<li><a href="#charset">Specify a default character encoding</a></li>
<li><a href="#password">Password protect your directories</a></li>
<li><a href="#forcessl">Force visitors to use SSL/HTTPS</a></li>
</ol>
</li>
</ol>
</div>
<h2><a name="intro"></a>Introduction</h1>
<p>
<q>.htaccess</q> is the default file used by the <a
href="http://httpd.apache.org/" rel="external">Apache HTTP server</a> (and
others) in order to allow dynamic configuration. It's a plain text file that
uses the same syntax present in the main configuration files (e.g.,
httpd.conf). It can contain a subset of Apache directives. The size of this
subset depends on wheter the directives can be overridden or not (and this
is present in the server configuration). In the Apache documentation you can
see if a directive can be placed in a .htaccess file by checking that in the
<q>Context:</q> line appears <q>.htaccess</q>. For instace, it's possible
for the <q><a href="http://httpd.apache.org/docs/2.2/mod/core.html#forcetype"
rel="external">ForceType</a></q> directive, but it's not for the <q>
<a href="http://httpd.apache.org/docs/2.2/mod/core.html#errorlog"
rel="external">ErrorLog</a></q> directive.
file.
</p>
<p>
The configuration directives placed in a .htaccess file will take effect
immediately when a document, located in the directory where the .htaccess
file is located and all subdirectories, is accessed. The server will also
search for .htaccess files in all the parent directories. If there is a
conflicting configuration directive, the server will apply the one that is
in the .htaccess file closer to the requested resource. For instance, suppose
that <q>X</q> and <q>Y</q> are two generic options. If you have
<code>Options +X -Y</code> in $HOME/html/.htaccess and
<code>Options -X</code> in $HOME/html/files/test/.htaccess, when
you access a file in http://YOURUSERNAME.freeshell.org/files/test/ (and all
subdirectories, unless you have another .htaccess file that reverts the
configuration) options <q>X</q> and <q>Y</q> will be disabled, but if you
access a file in http://YOURUSERNAME.freeshell.org/files/ (and above) option
<q>X</q> will be enabled and option <q>Y</q> disabled.
</p>
<p>
Remember that .htaccess files must be readable by the server, so you can
<code>chmod 640 .htaccess</code> in order to give it the correct
permissions. It's, however, a good practice to run <code>mkhomepg -p</code>
in your SDF shell everytime you play with files in your <q>html</q>
directory.
</p>
<p>
Additional information about .htaccess files can be found in:
</p>
<ul>
<li>
<a href="http://httpd.apache.org/docs/2.2/howto/htaccess.html"
rel="external">Apache Tutorial: .htaccess files</a>
</li>
<li>
<a href="http://wiki.apache.org/httpd/Htaccess" rel="external">Httpd
Wiki &gt; Htaccess</a>
</li>
<li>
<a href="http://www.htaccess-guide.com/"
rel="external">htaccess-guide.com</a>
</li>
</ul>
<p>
OK, let's see some recipes. The URL http://YOURUSERNAME.freeshell.org/ will
be used in the examples, so modify it to suit your needs and remember that
your .htaccess file will be placed in $HOME/html/ or in directories under
it. Examples solve a specific issue, but they can give you an idea on how to
deal with something more generic (i.e., an example could be referred to .pl
files, but with a search of the mentioned directives you could generalise
it). If you need some help, jump on com or post your request on bboard.
</p>
<h2><a name="recipes"></a>Recipes</h2>
<h3><a name="redir-error"></a>Redirect to a custom error page</h3>
<p>
Do you want your visitors see your custom error pages when something goes
wrong (e.g., a <q>page not found</q> error)? There's already a tutorial
about it: <a
href="http://sdf.org/index.cgi?tutorials/errorpage">http://sdf.org/index.cgi?tutorials/errorpage</a>
</p>
<h3><a name="deny-dir"></a>Deny directory listing</h3>
<p>
If you type http://YOURUSERNAME.freeshell.org/pics/ you will see a list
of the files present in <q>pics</q>. Probably you don't want this (if
you don't want that other people see your private stuff, don't put it
on-line, or, at least,
<a href="http://freeshell.org/index.cgi?faq?WEB?04">password protect
them</a>). Add this to your .htaccess file:
</p>
<code>
Options -Indexes
</code>
<h3><a name="addtype"></a>Add (or force) MIME-type</h3>
<p>
The server could not be aware of all kind of files out there, so will have
some troubles trying to figure out what to do with an unknown extension. You
can tell the server what to do with unknown file types. Say you have a <a
href="http://en.wikipedia.org/wiki/Cabinet_(file_format)"
rel="external">.cab</a> file. Apache will communicate to your user agent the
correct information about the file with:
</p>
<code>
AddType application/vnd.ms-cab-compressed .cab
</code>
<p>
<q>AddType</q> is the directive, <q>application/vnd.ms-cab-compressed</q> is
the MIME-type present in the <q>Content-Type:</q> entry in the HTTP headers
sent by Apache, and <q>.cab</q> is the extension.
</p>
<p>
Even if the server knows what's the MIME-type of a specific file extension,
you could prefer it to use another one. Let's say that you want <q>.html</q>
files to be served as <q>application/xhtml+xml</q> (because you are
hardcore). Try this:
</p>
<code>
AddType application/xhtml+xml .html
</code>
</p>
You can look for common
MIME-type on
<a href="http://en.wikipedia.org/wiki/Internet_media_type#List_of_common_media_types"
rel="external">wikipedia</a> or read a full list on
<a href="http://www.iana.org/assignments/media-types/"
rel="external">IANA's website</a>.
</p>
<h3><a name="no-ext"></a>Access files without specifying the extension</h3>
<p>
It could be desiderable to avoid specifying extensions for your html pages.
Why? Suppose you've always used
http://YOURUSERNAME.freeshell.org/contact.php in your .sig and, at some
point, you decide that you want to use perl, so that the new address is
http://YOURUSERNAME.freeshell.org/contact.pl. Unless you take other actions
(redirection) people that go to the old address will find a 404 page. It
would be better to use http://YOURUSERNAME.freeshell.org/contact so that you
can go crazy and rewrite your site with all known languages as frequently as
you want.
</p>
<p>
You can use URIs without extensions with:
</p>
<code>
Options +MultiViews
</code>
<h4><a name="add-ext"></a>I want to access files without extension, but my (cgi|pl|php) is not
found</h4>
<p>
Suppose that you have a cgi file called <q>script.cgi</q> and that, <b>once
you enable <q>MultiViews</q></b> (see above), when you access
http://YOURUSERNAME.freeshell.org/script you get a 404 page. It's likely
that the server have some problems in determining the MIME-type. In this
case, put in your .htaccess file:
</p>
<code>
AddType application/x-httpd-cgi .cgi
</code>
<p>
If you have perl and/or php files, add (modify the extension as needed):
</p>
<code>
AddType application/x-httpd-php .php
AddType application/x-httpd-perl .pl
</code>
<h3><a name="remove-handler"></a>Serve .pl .php .cgi etc. as plain text files</h3>
<p>
If you want the server to execute your files, in order to be able to read
the code of some specific files, you can remove the handlers. Let's say that
the code you want to read is located in $HOME/html/code/. Now, you can put
in $HOME/html/code/.htaccess the following bits:
</p>
<code>
RemoveHandler .pl .php .cgi
</code>
<h3><a name="download"></a>Force a download with a specific filename</h3>
<p>
Let's say that you have a pdf file with an unintuitive name
<q>aaa222.pdf</q>. You might want to force a download when people
access the file and, in doing so, specify a default file name for the file
that will be saved. This will do the job:
</p>
<code>
&lt;Files x.cab&gt;
Header set Content-Disposition "attachment; filename=Thesis.pdf"
&lt;/Files&gt;
</code>
<h3><a name="charset"></a>Specify a default character encoding</h3>
<p>
If you want all your html documents to be served with UTF-8 as the default
encoding (or <q>charset</q>):
</p>
<code>
AddCharset UTF-8 .html
</code>
<p>
<q>UTF-8</q> was used as an example, but you can use whatever encoding is
appropriate. Note also that in the example only files with extension
<q>html</q> will have a default encoding. If you want to extend that
behaviour to other file extensions, add them on the same line. For instance,
<code>AddCharset UTF-8 .html .htm .txt</code>.
</p>
<p>
This can also be useful if you want that only pages written in a specific
language are served with a default encoding, while the others use the
encoding sent normally by the server. So, suppose that you're usin <a
href="http://www.w3.org/International/questions/qa-when-lang-neg"
rel="external">language negotiation</a> and have resources in two languages,
english (with extension <q>en.html</q>) and chinese (with extension
<q>cn.html</q>). With the following line:
</p>
<code>
AddCharset UTF-8 .cn
</code>
<p>
only <q>.cn.html</q> files will have UTF-8 as the default encoding. (The
order of the language in the extension is not relevant, i.e., the files
could have been <q>html.en</q> and <q>html.cn</q>; also, the leading dot in
the extension in the .htaccess file is optional).
</p>
<h3><a name="password"></a>Password protect your directories</h3>
<p>
This is a FAQ:
<a href="http://sdf.org/index.cgi?faq?WEB?04">http://sdf.org/index.cgi?faq?WEB?04</a>
</p>
<h3><a name="forcessl">Force visitors to use SSL/HTTPS</a></h3>
<p>
As SDF expands its support of <a href="https://letsencrypt.org/">Let's
Encrypt</a>, offering free SSL certificates, you may wish to require all
visitors of your site to use HTTPS. (This also may improve your search
engine ranking, and many Web browsers will soon flag non-SSL sites as
&quot;Not Secure.&quot;) Adding this to the .htaccess file in your
site's root directory will redirect your non-HTTPS visitors accordingly:
</p>
<pre>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</pre>
<p>
If this suddenly renders your whole site inaccessible, be sure the
permissions on the .htaccess file itself are suitable (chmod 644, or run
<code>mkhomepg -p</code>) -- the default umask will not allow the Web
server itself to read your .htaccess file.
</p>
<div id="rcs_tag">$Id: htaccess.html,v 1.3 2018/07/30 15:30:01 dave Exp $</div>