ID #1285

What can you do with the ".htaccess"?

1. Safeguarding a directory

Create a directory where all files are stored you wish to protect. The file types dont matter. When opening a file from this directory the WWW- und FTP-Servern im Internet abzurufen. Bekannte Browser sind Netscape Navigator, Microsoft Internet Explorer, Opera und Mosaic.">browser generates a window where the user has to enter his/her username and password before the file is displayed. Create a new file named .htaccess in this directory. Type the following lines into the file: 

 

 

AuthUserFile

/home/ftp-username/www/data/.htpasswd
AuthGroupFile /dev/null
AuthName "name"
AuthType Basic
<Limit GET>
require valid-user
</Limit>

 

In the first line you enter the path to the password file .htpasswd. This differs from provider to provider, e.g.: /home/ftp-username/www/data/.htpasswd.
Now put a second file named .htpasswd. into the directory. Write all usernames and - behind them - encrypted passwords into the file. For this purpose you either use a password generator or create a small PHP script that encrypts the password chosen by you. The password could look like this:

 

test1:w34fst44!eef
test2:ahjsw3tgvww

1.1 Sample PHP Script:

<form action="<?php echo $PHP_SELF ?>" method="post">
<input type="text" name="plaintext" maxlength="12">
<input type="submit" value="Create Password">
</form>

<?php
if (isset ($plaintext)):
echo "Encrypted password:<br>".crypt($plaintext);
endif;
?>

 

 

 

2. Ban one or more users
With the following entry you can define both certain users (IP addresses) who are granted access to your server and ones who are not. (Please note that most users are assigned IP addresses dynamically by the provider).

Only certain IP addresses are granted access:
order deny, allow
allow from 192.168.11.11
deny from all

Certain IP addresses aren't granted access:
order deny, allow
deny from
192.168.11.11

Locking certain files
If you don't want files that end with a  dot (e.g. the .htaccess or .htpasswd file) to be delivered by the server use the following option:

 

<FilesMatch "^\." >
deny from all
</FilesMatch>

Sharing certain file types for download
If you offer downloads it might be reasonable to directly declare certain files for download:

 

<FilesMatch "\.(gz|pdf|zip|exe)$" >
ForceType application/octet-stream
</FilesMatch>

All extensions within () will be offered as download.

3. Intercepting error pages

This possibility is a decent way to evade the browsers unhelpful error messages (e.g. "Page not found"). Write the following code in a .htaccess file for instance:

 

ErrorDocument 403 http://www.mydomain.com/errors/errors_forbidden.html
ErrorDocument 404 http://www.mydomain.com/errors/errors_not_found.html
ErrorDocument 500 http://www.mydomain.com/errors/errors_server_error.html

4. Automatic redirection
Of course you also can realize a redirection. In order to do this the .htaccess file has to be located in the root directory (/).

 

Redirect / http://www.thenewdomain.com/

The second way of redirection: the user is being redirected when entering a certain directory.

Example:
Redirect /myfolder http://www.thenewdomain.tld/

If a user is calling up //www.domain.com/myfolder he will be redirected tohttp://www.dieneuedomain.tld/

5. Calling up a certain file as start file
The start file is named index.htm or index.html or index.php. You can also use an optional other name for the start file. For example index.shtml, index.php4, etc.

DirectoryIndex index.shtml

In this example the start file index.shtml would be called up as long as it's existent.

Tags: .htaccess, .htpasswd, directory protection, htaccess, htpasswd, password security, security

Verwandte Artikel:

Kommentieren nicht möglich