Commenting .htaccess Code

by Oxygen - 05-04-2015, 03:54 PM
<div class="postbit-usertitle">
Posts:
646
Joined:
Feb 2015
Likes:
44
Credits:
1,126
Reputation:
33
2 Years of Service
#1
OP
Posted: 05-04-2015, 03:54 PM
Note my content, leaked it

Commenting .htaccess code
Comments in the .htaccess file are allowed on a per-line basis, each line of comments is preceded by the # (pound) sign. Comments running over several lines require thus multiple # signs. It’s also advised to use only letters, numbers, dashes, and underscores in the comments. This safe practice will contribute in avoiding potential server parsing errors.
Code:
# this is a comment
# each line must have its own pound sign
# only use letters and numbers along with dashes - and underscores _

Enable Basic Rewriting
To ensure mod_rewrite (basic rewriting) is enabled on your site, add the following line to your site’s root htaccess file:
Code:
# enable basic rewriting
RewriteEngine on

Enable Symbolic Links
Enable symbolic links (symlinks) by adding the following directive to the .htaccess file.

Code:
# enable symbolic links
Options +FollowSymLinks

Some webhosting companies may have swapped FollowSymLinks to SymLinksIfOwnerMatch due to security reasons. Check with your provider which directive should be used.

What is order allow,deny?
Order allow,deny is a setting in your Apache web server configuration that is used to allow or restrict access.

The allow directive affects who can access an area of the server or website. Access is usually controlled by hostname, IP address, or IP address range.

The deny directive restricts access to the server. Restrictions can be based again on hostname, IP address, or environment variables.

Order allow,deny tells your server that the allow rules are processed before the deny rules. If the client does not match the allow rule or it does match the deny rule, then the client will be denied access.

Order deny, allow means that the deny rules are processed before the allow rules. If the client does not match the deny rule or it does match the allow rule, then it will be granted access.


Deny Access to .htaccess

Any attempt to access the .htaccess file will result in a 403 error message.
Code:
# locked htaccess file
< Files .htaccess>
order allow,deny
deny from all
< /Files>

Deny Access to a Specific File

Similar to the above example you can restrict access to a specific file by simply adding the following code. Edit the file name accordingly.[/b]
Code:
# deny viewing of a specific file
<files myfile.png>
order allow,deny
deny from all
</files>

Deny Access to Multiple File Types
To restrict access to certain file types, add the following code and edit the file types you wish to protect. As you might notice you need to escape the dot (.) this is done by typing a backslash (\) in front of the character that needs escaping.
Code:
<FilesMatch "\.(htaccess|ini|log)$">
Order allow,deny
deny from all
</FilesMatch>

Disable Directory Browsing
If your site does not have default index page everything within the root of your site will be accessible to all visitors. Disabling directory browsing will instruct the server to display a "403 Forbidden - Authorization Required" message for any request to view a directory.
Code:
# deny directory browsing
Options All -Indexes

To enable directory browsing, use the following directive:
Code:
# allow directory browsing
Options All +Indexes

The following rule will prevent the server from listing directory contents:
Code:
# deny folder listing
IndexIgnore *

The IndexIgnore directive can also be used to prevent the display of select file types:
Code:
# no display of select file types
IndexIgnore *.wmv *.mp4 *.avi *.etc

Deny Access to a Specific Directory / Folder
Restricting directory / folder access is probably one of the most frequently used .htaccess techniques. To deny all requests for the restricted directory or folder, prepare a .htaccess file in that directory and put the following directive in it:
Code:
# deny directory access
deny from all

Allow access from a certain IP (where xxx.xxx.xxx.xxx is your IP):
Code:
# deny directory access and allow your IP
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx

There is a different way to archive the same objective by using the code below (where xxx.xxx.xxx.xxx is your IP):
Code:
# deny directory access and allow your IP
IndexIgnore .htaccess * */.??* *~ *#
DirectoryIndex index.php index.html

RewriteCond %{REMOTE_ADDR} !^xxx\.xxx\.xxx\.xxx
RewriteRule .* - [F,L]

RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^yourdomain\.com
RewriteRule (.*) http://yourdomain.com/directory_to_deny_access_to/$1 [R=301,L]

Set A Default Index Page
The rule below tells the server to display "content.html" as the default directory index.
Code:
# display other default index page
DirectoryIndex content.html

This rule is similar, but the server will search the root folder for the listed files and load the first match it encounters.

Code:
# show first available default index page from list
DirectoryIndex index.html index.php default.html

Redirecting www Requests
Redirect http://www.yoursite.com HTTP requests to yoursite.com using a 301 redirect.
Code:
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^yoursite\.com
RewriteRule (.*) http://yoursite.com/$1 [R=301,L]

If your site uses HTTPS, then this code will need to be modified to preserve the http / https in the incoming requests.

Code:
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^yoursite\.com
RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$
RewriteRule (.*) http://yoursite.com/$1 [R=301,L]

Custom Error Documents
The .htaccess file is where most people configure their error documents:
Code:
# serve custom error pages
ErrorDocument 400 /errors/400.html
ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html

[Image: UeTXrZ5.png]
lucosius
02-05-2015, 11:45 AM
oldmike
07-04-2015, 04:56 PM
Novice
Posts:
25
Joined:
Apr 2015
Likes:
1
Credits:
19
Reputation:
0
1 Year of Service
#2
Posted: 08-04-2015, 08:45 PM
Cheers @Oxygen Smile . I'll be saving this as I can never remember this info.
Novice
Posts:
49
Joined:
Apr 2015
Likes:
4
Credits:
7
Reputation:
0
1 Year of Service
#3
Posted: 02-05-2015, 11:46 AM
Thanks for useful information!
Freak
Posts:
3,293
Joined:
Jan 2015
Likes:
220
Credits:
4,912
Reputation:
119
2 Years of Service
#4
Posted: 02-05-2015, 01:39 PM
That's a really nice share with a lot of valuable information.
We are!
Posts:
1,045
Joined:
Jan 2015
Likes:
107
Credits:
1,818
Reputation:
25
2 Years of Service
#5
Posted: 02-05-2015, 01:40 PM
I have to admit, this is a very good thread for those who doesn't know that much about .htaccess.
The last reply on this thread is older than a month. Please do not unnecessarily bump it.
Register an account or login to reply
Create an account
Create a free account today and start posting right away. It only takes a few seconds.
Login
Log into an existing account.
1 Guest(s)