331 lines
11 KiB
HTML
331 lines
11 KiB
HTML
|
|
<style type="text/css">
|
|
#toc div { font-size: 150%; }
|
|
code { background-color: #ddd; padding: 2px; }
|
|
</style>
|
|
|
|
<h1>.htaccess recipes</h1>
|
|
|
|
<div id="toc">
|
|
|
|
<div>Contents</div>
|
|
|
|
<ol>
|
|
<li>
|
|
<a href="#intro">Introduction</a>
|
|
</li>
|
|
<li>
|
|
<a href="#recipes">Recipes</a>
|
|
<ol>
|
|
<li><a href="#redir-error">Redirect to a custom error page</a></li>
|
|
<li><a href="#deny-dir">Deny directory listing</a></li>
|
|
<li><a href="#addtype">Add (or force) MIME-type</a></li>
|
|
<li><a href="#no-ext">Access files without specifying the extension
|
|
<ul><li><a href="#add-ext">I want to access files without
|
|
extension, but my (cgi|pl|php) is not found</a></li></ul></li>
|
|
<li><a href="#remove-handler">Serve .pl .php .cgi etc. as plain text files</a></li>
|
|
<li><a href="#download">Force a download with a specific filename</a></li>
|
|
<li><a href="#charset">Specify a default character encoding</a></li>
|
|
<li><a href="#password">Password protect your directories</a></li>
|
|
<li><a href="#forcessl">Force visitors to use SSL/HTTPS</a></li>
|
|
</ol>
|
|
</li>
|
|
</ol>
|
|
|
|
</div>
|
|
|
|
<h2><a name="intro"></a>Introduction</h1>
|
|
|
|
<p>
|
|
<q>.htaccess</q> is the default file used by the <a
|
|
href="http://httpd.apache.org/" rel="external">Apache HTTP server</a> (and
|
|
others) in order to allow dynamic configuration. It's a plain text file that
|
|
uses the same syntax present in the main configuration files (e.g.,
|
|
httpd.conf). It can contain a subset of Apache directives. The size of this
|
|
subset depends on wheter the directives can be overridden or not (and this
|
|
is present in the server configuration). In the Apache documentation you can
|
|
see if a directive can be placed in a .htaccess file by checking that in the
|
|
<q>Context:</q> line appears <q>.htaccess</q>. For instace, it's possible
|
|
for the <q><a href="http://httpd.apache.org/docs/2.2/mod/core.html#forcetype"
|
|
rel="external">ForceType</a></q> directive, but it's not for the <q>
|
|
<a href="http://httpd.apache.org/docs/2.2/mod/core.html#errorlog"
|
|
rel="external">ErrorLog</a></q> directive.
|
|
file.
|
|
</p>
|
|
|
|
<p>
|
|
The configuration directives placed in a .htaccess file will take effect
|
|
immediately when a document, located in the directory where the .htaccess
|
|
file is located and all subdirectories, is accessed. The server will also
|
|
search for .htaccess files in all the parent directories. If there is a
|
|
conflicting configuration directive, the server will apply the one that is
|
|
in the .htaccess file closer to the requested resource. For instance, suppose
|
|
that <q>X</q> and <q>Y</q> are two generic options. If you have
|
|
<code>Options +X -Y</code> in $HOME/html/.htaccess and
|
|
<code>Options -X</code> in $HOME/html/files/test/.htaccess, when
|
|
you access a file in http://YOURUSERNAME.freeshell.org/files/test/ (and all
|
|
subdirectories, unless you have another .htaccess file that reverts the
|
|
configuration) options <q>X</q> and <q>Y</q> will be disabled, but if you
|
|
access a file in http://YOURUSERNAME.freeshell.org/files/ (and above) option
|
|
<q>X</q> will be enabled and option <q>Y</q> disabled.
|
|
</p>
|
|
|
|
<p>
|
|
Remember that .htaccess files must be readable by the server, so you can
|
|
<code>chmod 640 .htaccess</code> in order to give it the correct
|
|
permissions. It's, however, a good practice to run <code>mkhomepg -p</code>
|
|
in your SDF shell everytime you play with files in your <q>html</q>
|
|
directory.
|
|
</p>
|
|
|
|
<p>
|
|
Additional information about .htaccess files can be found in:
|
|
</p>
|
|
|
|
<ul>
|
|
|
|
<li>
|
|
<a href="http://httpd.apache.org/docs/2.2/howto/htaccess.html"
|
|
rel="external">Apache Tutorial: .htaccess files</a>
|
|
</li>
|
|
|
|
<li>
|
|
<a href="http://wiki.apache.org/httpd/Htaccess" rel="external">Httpd
|
|
Wiki > Htaccess</a>
|
|
</li>
|
|
|
|
<li>
|
|
<a href="http://www.htaccess-guide.com/"
|
|
rel="external">htaccess-guide.com</a>
|
|
</li>
|
|
|
|
</ul>
|
|
|
|
<p>
|
|
OK, let's see some recipes. The URL http://YOURUSERNAME.freeshell.org/ will
|
|
be used in the examples, so modify it to suit your needs and remember that
|
|
your .htaccess file will be placed in $HOME/html/ or in directories under
|
|
it. Examples solve a specific issue, but they can give you an idea on how to
|
|
deal with something more generic (i.e., an example could be referred to .pl
|
|
files, but with a search of the mentioned directives you could generalise
|
|
it). If you need some help, jump on com or post your request on bboard.
|
|
</p>
|
|
|
|
<h2><a name="recipes"></a>Recipes</h2>
|
|
|
|
<h3><a name="redir-error"></a>Redirect to a custom error page</h3>
|
|
|
|
<p>
|
|
Do you want your visitors see your custom error pages when something goes
|
|
wrong (e.g., a <q>page not found</q> error)? There's already a tutorial
|
|
about it: <a
|
|
href="http://sdf.org/index.cgi?tutorials/errorpage">http://sdf.org/index.cgi?tutorials/errorpage</a>
|
|
</p>
|
|
|
|
<h3><a name="deny-dir"></a>Deny directory listing</h3>
|
|
|
|
<p>
|
|
If you type http://YOURUSERNAME.freeshell.org/pics/ you will see a list
|
|
of the files present in <q>pics</q>. Probably you don't want this (if
|
|
you don't want that other people see your private stuff, don't put it
|
|
on-line, or, at least,
|
|
<a href="http://freeshell.org/index.cgi?faq?WEB?04">password protect
|
|
them</a>). Add this to your .htaccess file:
|
|
</p>
|
|
|
|
<code>
|
|
Options -Indexes
|
|
</code>
|
|
|
|
<h3><a name="addtype"></a>Add (or force) MIME-type</h3>
|
|
|
|
<p>
|
|
The server could not be aware of all kind of files out there, so will have
|
|
some troubles trying to figure out what to do with an unknown extension. You
|
|
can tell the server what to do with unknown file types. Say you have a <a
|
|
href="http://en.wikipedia.org/wiki/Cabinet_(file_format)"
|
|
rel="external">.cab</a> file. Apache will communicate to your user agent the
|
|
correct information about the file with:
|
|
</p>
|
|
|
|
<code>
|
|
AddType application/vnd.ms-cab-compressed .cab
|
|
</code>
|
|
|
|
<p>
|
|
<q>AddType</q> is the directive, <q>application/vnd.ms-cab-compressed</q> is
|
|
the MIME-type present in the <q>Content-Type:</q> entry in the HTTP headers
|
|
sent by Apache, and <q>.cab</q> is the extension.
|
|
</p>
|
|
|
|
<p>
|
|
Even if the server knows what's the MIME-type of a specific file extension,
|
|
you could prefer it to use another one. Let's say that you want <q>.html</q>
|
|
files to be served as <q>application/xhtml+xml</q> (because you are
|
|
hardcore). Try this:
|
|
</p>
|
|
|
|
<code>
|
|
AddType application/xhtml+xml .html
|
|
</code>
|
|
|
|
</p>
|
|
You can look for common
|
|
MIME-type on
|
|
<a href="http://en.wikipedia.org/wiki/Internet_media_type#List_of_common_media_types"
|
|
rel="external">wikipedia</a> or read a full list on
|
|
<a href="http://www.iana.org/assignments/media-types/"
|
|
rel="external">IANA's website</a>.
|
|
</p>
|
|
|
|
|
|
<h3><a name="no-ext"></a>Access files without specifying the extension</h3>
|
|
|
|
<p>
|
|
It could be desiderable to avoid specifying extensions for your html pages.
|
|
Why? Suppose you've always used
|
|
http://YOURUSERNAME.freeshell.org/contact.php in your .sig and, at some
|
|
point, you decide that you want to use perl, so that the new address is
|
|
http://YOURUSERNAME.freeshell.org/contact.pl. Unless you take other actions
|
|
(redirection) people that go to the old address will find a 404 page. It
|
|
would be better to use http://YOURUSERNAME.freeshell.org/contact so that you
|
|
can go crazy and rewrite your site with all known languages as frequently as
|
|
you want.
|
|
</p>
|
|
|
|
<p>
|
|
You can use URIs without extensions with:
|
|
</p>
|
|
|
|
<code>
|
|
Options +MultiViews
|
|
</code>
|
|
|
|
<h4><a name="add-ext"></a>I want to access files without extension, but my (cgi|pl|php) is not
|
|
found</h4>
|
|
|
|
<p>
|
|
Suppose that you have a cgi file called <q>script.cgi</q> and that, <b>once
|
|
you enable <q>MultiViews</q></b> (see above), when you access
|
|
http://YOURUSERNAME.freeshell.org/script you get a 404 page. It's likely
|
|
that the server have some problems in determining the MIME-type. In this
|
|
case, put in your .htaccess file:
|
|
</p>
|
|
|
|
<code>
|
|
AddType application/x-httpd-cgi .cgi
|
|
</code>
|
|
|
|
<p>
|
|
If you have perl and/or php files, add (modify the extension as needed):
|
|
</p>
|
|
|
|
<code>
|
|
AddType application/x-httpd-php .php
|
|
AddType application/x-httpd-perl .pl
|
|
</code>
|
|
|
|
<h3><a name="remove-handler"></a>Serve .pl .php .cgi etc. as plain text files</h3>
|
|
|
|
<p>
|
|
If you want the server to execute your files, in order to be able to read
|
|
the code of some specific files, you can remove the handlers. Let's say that
|
|
the code you want to read is located in $HOME/html/code/. Now, you can put
|
|
in $HOME/html/code/.htaccess the following bits:
|
|
</p>
|
|
|
|
<code>
|
|
RemoveHandler .pl .php .cgi
|
|
</code>
|
|
|
|
<h3><a name="download"></a>Force a download with a specific filename</h3>
|
|
|
|
<p>
|
|
Let's say that you have a pdf file with an unintuitive name
|
|
<q>aaa222.pdf</q>. You might want to force a download when people
|
|
access the file and, in doing so, specify a default file name for the file
|
|
that will be saved. This will do the job:
|
|
</p>
|
|
|
|
<code>
|
|
<Files x.cab>
|
|
Header set Content-Disposition "attachment; filename=Thesis.pdf"
|
|
</Files>
|
|
</code>
|
|
|
|
<h3><a name="charset"></a>Specify a default character encoding</h3>
|
|
|
|
<p>
|
|
If you want all your html documents to be served with UTF-8 as the default
|
|
encoding (or <q>charset</q>):
|
|
</p>
|
|
|
|
<code>
|
|
AddCharset UTF-8 .html
|
|
</code>
|
|
|
|
<p>
|
|
<q>UTF-8</q> was used as an example, but you can use whatever encoding is
|
|
appropriate. Note also that in the example only files with extension
|
|
<q>html</q> will have a default encoding. If you want to extend that
|
|
behaviour to other file extensions, add them on the same line. For instance,
|
|
<code>AddCharset UTF-8 .html .htm .txt</code>.
|
|
</p>
|
|
|
|
<p>
|
|
This can also be useful if you want that only pages written in a specific
|
|
language are served with a default encoding, while the others use the
|
|
encoding sent normally by the server. So, suppose that you're usin <a
|
|
href="http://www.w3.org/International/questions/qa-when-lang-neg"
|
|
rel="external">language negotiation</a> and have resources in two languages,
|
|
english (with extension <q>en.html</q>) and chinese (with extension
|
|
<q>cn.html</q>). With the following line:
|
|
</p>
|
|
|
|
<code>
|
|
AddCharset UTF-8 .cn
|
|
</code>
|
|
|
|
<p>
|
|
only <q>.cn.html</q> files will have UTF-8 as the default encoding. (The
|
|
order of the language in the extension is not relevant, i.e., the files
|
|
could have been <q>html.en</q> and <q>html.cn</q>; also, the leading dot in
|
|
the extension in the .htaccess file is optional).
|
|
</p>
|
|
|
|
<h3><a name="password"></a>Password protect your directories</h3>
|
|
|
|
<p>
|
|
This is a FAQ:
|
|
<a href="http://sdf.org/index.cgi?faq?WEB?04">http://sdf.org/index.cgi?faq?WEB?04</a>
|
|
</p>
|
|
|
|
<h3><a name="forcessl">Force visitors to use SSL/HTTPS</a></h3>
|
|
|
|
<p>
|
|
As SDF expands its support of <a href="https://letsencrypt.org/">Let's
|
|
Encrypt</a>, offering free SSL certificates, you may wish to require all
|
|
visitors of your site to use HTTPS. (This also may improve your search
|
|
engine ranking, and many Web browsers will soon flag non-SSL sites as
|
|
"Not Secure.") Adding this to the .htaccess file in your
|
|
site's root directory will redirect your non-HTTPS visitors accordingly:
|
|
</p>
|
|
|
|
<pre>
|
|
RewriteEngine On
|
|
RewriteCond %{HTTPS} off
|
|
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
|
|
</pre>
|
|
|
|
<p>
|
|
|
|
If this suddenly renders your whole site inaccessible, be sure the
|
|
permissions on the .htaccess file itself are suitable (chmod 644, or run
|
|
<code>mkhomepg -p</code>) -- the default umask will not allow the Web
|
|
server itself to read your .htaccess file.
|
|
|
|
</p>
|
|
|
|
<div id="rcs_tag">$Id: htaccess.html,v 1.3 2018/07/30 15:30:01 dave Exp $</div>
|
|
|