|
|
Advanced .htaccess tutorial
htaccess information Most hosting companies will host multiple domains on one server, and all the domains use the same Web server software installed on that server. This presents a problem. What if two Webmasters using the same server need different Web server configurations? Apache addressed this by using .htaccess files. Apache configurationApache, like any other software, has configuration files. Your host edits these global configuration files to serve as a default for all of the sites hosted on the server. The .htaccess file acts as a local configuration file so that individual Web sites can customize the configuration to suit their needs. The .htaccess fileThe .htaccess file is an ordinary text file that you can create using Notepad or any text editor and ftp it into your Web root directory. This file will contain the configuration statements (commands) to customize the Apache Web server software for your Web site. Note for Windows usersNotice that the file name starts with a period (.). This is to indicate to the Linux/Unix operating system that it is a system file that is used by a server application, not by a user of the system. However, with Windows, the period denotes a separator between a file's name and its extension. As a result, if you try and create an .htaccess file in Windows it won't have a name. To get around this, create a file called htaccess.txt, ftp that to the server, and then rename it to .htaccess once it's there. top Password Protecting from your web site The .htaccess is the AccessFileName in the most Apache Web servers, and it's a nice way for to password protect and/or configuration from your web site depending on the configuration off the web server. Below I have put some examples you can use.top Auth Basic
Basic Authentication allows the use restrict access by looking up users in plain text password files.
This is not a really secure password system, because the username and password are sending as plain text true the internet.
And the passwords in the password file are crypt in basic Unix crypt what not so difficult to crack.
But it's still the most common password protecting on the internet. OS: Unix, Linux, WinNT (with uncrypt passwords). For to password protect a directory and all the directories below. Put a file named .htaccess in the directory you want to password protect with the follow text. AuthUserFile /opt/guide/www.widexl.com/.htpasswd AuthType Basic AuthName "Member Page" require valid-user For to password protect the admin.pl script. You can use wildcards for this, like: "*.html" "*.zip" <files "admin.pl"> AuthUserFile /opt/guide/www.widexl.com/.htpasswd AuthType Basic AuthName "Administrator script" require valid-user </files> AuthUserFile: This is the full path to your password file AuthType: This need to be Basic. AuthName: This is the name (Realm) you want to give to your password protected site. top Auth Digest MD5 Digest authentication provides a more secure password system than Basic authentication, but only works with supporting browsers. The only major browsers which support digest authentication are Internet Explorer 5.0, Amaya and Konqueror from KDE2. I don't think its save for Big Brother, but it's always more save than Auth Basic. And most users are using Internet Explorer 5.0 or higher. Module: mod_digest (old version)Module: mod_auth_digest (new version) OS: Unix, Linux, WinNT. Don't use both modules on the same time. Setting up MD5 Digest authentication is easy. Put a file named .htaccess in the directory you want to password protect with the follow text. Example: mod_digest AuthDigestFile /opt/guide/www.widexl.com/.htpasswd AuthType Digest AuthName "Member Page" require valid-user Example: mod_auth_digest AuthDigestFile /opt/guide/www.widexl.com/.htpasswd AuthType Digest AuthName "Member Page" AuthDigestDomain /member/ http://www.widexl.com/members/ AuthDigestNonceLifetime 300 require valid-user AuthDigestFile: This is the full path to your password file AuthType: This need to be Digest. AuthName: This is the name (realm) you want to give to your password protected site. AuthDigestDomain: This should always be specified and contain at least the (set of) root URI(s). AuthDigestNonceLifetime: ?? Note: The "AuthName" is very important, it has to be the same like the "realm" in the password file. The "realm" is the second field in the password file. Example: One row in my password file is.root:Digest Member Page:eca0249f7bf2fb3515bd7e319f5c2ab5
Here is "root" the username, "Digest Member Page" the realm and This is a common mistake with MD5 Digest authentication, and it's needed because the password contains the username, realm and password. You can use the realm for making groups. top Auth MySQL MySQL authentication provides a more flexible and powerful system than Basic or Digest authentication. All the username's and passwords can be in One Big Database, and don't need to be on the same server where the password protected directory is. Module: mod_auth_mysql OS: Unix, Linux, WinNT. Example: AuthType Basic AuthName "MySQL Member Page" Auth_MYSQLhost www.widexl.com Auth_MYSQLusername root Auth_MYSQLpassword tengo Auth_MYSQLdatabase members Auth_MYSQLpwd_table widexl Auth_MYSQLuid_field username Auth_MYSQLpwd_field password Auth_MYSQL_EncryptedPasswords off require valid-user AuthType: This need to be Basic. AuthName: This is the name (realm) you want to give to your password protected site. Auth_MYSQLhost: Your MySQL database hostname. Auth_MYSQLusername: Your MySQL database username. Auth_MYSQLpassword: Your MySQL database password. Auth_MYSQLdatabase: This is your database with the member's info. Auth_MYSQLpwd_table: The members info table containing (username/password). Auth_MYSQLuid_field: The username field. Auth_MYSQLpwd_field: The password field. Auth_MYSQL_EncryptedPasswords: Are the password MySQL encrypt. [on|off]. top Deny remote hosts or IP to your web site For to deny host or IP addresses access to your site. Put a file named .htaccess in the main directory you want to deny for access to your site. Use a space for every host or IP you want to deny. To deny remote hosts <files "*.*"> Deny from .mil .gov .pol 195.12.13.156 microsoft.com 195.12.11. </files> To deny all remote hosts <files "*.*"> Deny from All </files> top Allow remote hosts or IP to your web site For to allow hosts or IP addresses access to your site. Put a file named .htaccess in the main directory you want to allow for access to your site. Use a space for every host or IP you want to allow. First deny all remote hosts <files "*.*"> Deny from All </files>Than allow the remote hosts you want to allow access to your site. <files "*.*"> Allow from your.remotehost.com 127.0.0.1 localhost widexl.com </files>For to allow all hosts. <files "*.*"> Allow from All </files> top Protecting your images and (zip) files from linking Module: mod_rewrite Put a file named .htaccess in the directory where you have the images located.
AuthUserFile /dev/null
AuthGroupFile /dev/null
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.widexl.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://ma.widexl.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://members.widexl.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://widexl.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://212.204.218.80.* [NC]
RewriteRule /* http://widexl.com/index.html [R,L]
By the RewriteCond change the web address name for who are allowed to use your images.By the RewriteRule change the web address name where to send the ones who are linking to. Note: You need to write for every web address (hostname) a new line. Remember: http://widexl.com is not the same like http://www.widexl.com top If you want to use server side includes, or CGI outside cgi-bin directory Put a file named .htaccess in the main directory off your site. For to use server side includes for .html and .shtml files. AddType text/html .html AddHandler server-parsed .html AddType text/html .shtml AddHandler server-parsed .shtml For to use CGI scripts outside the cgi-bin directory AddHandler cgi-script .cgi AddHandler cgi-script .pl top Add/delete extra Options on the web server With the Options directive can you controls server features in a particular directory. Put a file named .htaccess in the directory where you want to add/delete extra options. For to add execution from CGI scripts. Options +ExecCGI For to delete the indexing a directory. Options -Indexes For to add execution from Server-side includes. Options +Includes For to add All options minus indexing a directory. Options All -Indexes The follow options are available NoneThere are no features enabled. what means that you can do noting. See no page, no execution off CGI scripts, no indexing, just noting can be easy for protecting online data AllAll options except for MultiViews. ExecCGIExecution of CGI scripts is permitted. FollowSymLinksThe server will follow symbolic links in this directory. SymLinksIfOwnerMatchThe server will only follow symbolic links for which the target file or directory is owned by the same user id as the link. IncludesServer-side includes are permitted. IncludesNOEXECServer-side includes are permitted, but the #exec command and #include of CGI scripts are disabled. IndexesAllow to index a directory MultiViewsFor to choose automatically pages in different languages. top Tips and tricks Deny remote hosts but still log them If you have deny (only for example :) ) all .mil and .gov remote hosts And you still want to log them in a script like the Page Guard Pro script. Put a file named .htaccess in the directory where the script is. <files "guard.pl"> Allow from All </files> |
» Keyword Ranking |
Online SEO Tools
Programs
SEO Programs
Free Programs
Tutorials
Related Links| Copyright © 2000-2008 Widexl |