Difference between revisions of "HTACCESS"


Line 1: Line 1:
An .htaccess file can be used to customize some of the settings on your website, in the directory the file is located. The file is in basic text, and the filename must be exactly ".htaccess".  Here are some of the more common, useful .htaccess functions you can add to your site.  <br />
+
==What Is It?==
  
* Any rules you set by .htacess will apply to all files in the directory you have placed the .htaccess file, and any of it's subdirectories.  The .htaccess rules in the current directory will override any .htaccess rules set in a parent directory.  
+
.htaccess is a plain text file used to customize some web server settings for your website.  It applies a set of configuration options to all files in the directory that the file is located. In addition, these options will also apply to subdirectories of that directory, unless a separate .htaccess file in those directories contains different settings.
  
*  Any typos or mistakes in a .htaccess file will may result in a http 500 server error being returned when you try to visit that directory, and may render your entire site offline.
+
===Cautions===
  
.htaccess files are very picky about what you put in them so please be careful.
+
It is important to follow these guidelines when editing .htaccess files:
  
 +
* The filename must be exactly .htaccess - you can not use any other filename.
 +
** If you have problems renaming a file to .htaccess in windows, open the file in Notepad, Choose "Save as.." and select "All types (*.*)" next to file type. Now type the filename ".htaccess" and click save.
  
 +
* Any rules you set by .htacess will apply to all files in the directory you have placed the .htaccess file, and any of its subdirectories.  The .htaccess rules in the current directory will override any .htaccess rules set in a parent directory.
  
*Do not attempt to turn safe mode off in a .htaccess file, this will not work and will cause your site to no longer load.
+
* Any typos or mistakes in a .htaccess file will may result in an HTTP 500 server error being returned when you try to visit that directory, and may render your entire site offline.  If this happens, you can still access your site with the File Manager on your Bravenet.com website manager, or with any FTP program.
   
 
  
 +
* .htaccess files are very picky about what you put in them so please be careful to use exact syntax.
  
* Blocking another website linking to yours<br />
+
*Do not attempt to turn PHP safe mode off in a .htaccess file - this will not work and will cause your site to no longer load until you undo the change.
  
Add the following to a .htaccess file in the directory containing the files you want to protect:
+
==Using htaccess To...==
  
# go away!
+
====Block another website from linking to yours====
RewriteEngine On
+
Add the following to a .htaccess file in the directory containing the files you want to protect, and change the text "badsite.com" to be the exact name of the website you want to block:
RewriteCond %{HTTP_REFERER} ^http://badsite.com(.*)$ [NC] RewriteRule ^.* - [F,L]
 
  
 +
<pre>
 +
# go away!
 +
RewriteEngine On
 +
RewriteCond %{HTTP_REFERER} ^http://badsite.com(.*)$ [NC] RewriteRule ^.* - [F,L]
 +
</pre>
  
Entry should have a link to the apache url rewriting guide<br />
+
====Enable or disable error reporting in PHP====
http://httpd.apache.org/docs/2.3/misc/rewriteguide.html
+
Add the following lines to your .htaccess file to enable error reporting:
  
 +
<pre>
 +
Options +FollowSymlinks
 +
RewriteEngine on
 +
php_flag display_errors on
 +
php_value error_reporting 7
 +
</pre>
  
* Enabling or disabling error reporting in PHP
+
We have display_errors set to "on" by default for all users - this is to help inform you of problems when you are working on your site. You may want to turn that off when you are ready to show your site off to the world - use the following to disable errors:
Add the following lines to your .htaccess file to enable error reporting.
+
<pre>
 +
php_value display_errors 0
 +
</pre>
  
Options +FollowSymlinks
+
When errors are disabled, the visitor will only see a blank page when an error is encountered, instead of several lines of PHP code and error messages.
RewriteEngine on
 
php_flag display_errors on
 
php_value error_reporting 7
 
  
We have display_errors set to on by default for all users, this is to help inform you of problems when you are working on your site.
+
====Enable the "Register Globals" PHP flag====
 +
Add the following only if your PHP code specifically requires this setting.  It does have some security implications, so you should only use it if you need to.  In addition, this setting will no longer be an option once PHP 6.0 is released, so please consider staying clear of PHP code that requires this setting.
  
If you would rather suppress this warnings to yourself and visitors you can add the following to a .htaccess file in the same directory with your php.
+
<pre>
 +
php_value register_globals 1
 +
</pre>
  
php_value display_errors 0
+
====Limiting access to your website based by IP address====
  
Note that with display_errors off you will simply get a blank page if php encounters an error on your site.
+
Add the following to a .htaccess file in the directory you want to protected:
  
 +
<pre>
 +
# allow access to just two ips
 +
order allow,deny
 +
# my home ip, my work ip
 +
allow from 168.55.55.11 58.66.12.79
  
 +
Be careful as you may lock yourself out of your own site. If this happens, you can always access your site with a ftp program or with our File Manager tool and remove or modify the .htaccess file.
  
* If you require register_globals to be on for older php scripts you can enable it by adding
+
====Hide .php extensions to make your website address look cleaner====
 +
If you want to hide .php extensions to make your site appear more "clean" you can add the following to a .htaccess file:
  
php_value register_globals 1
+
<pre>
 +
Options +MultiViews
 +
</pre>
  
to a .htaccess file. Although we strongly caution against it due to security implications for your site.
+
Now, for example, instead of seeing <tt>http://yoursite.com/dem.php?forum=1</tt> you would see <tt>http://yoursite.com/dem?forum=1</tt>. Be careful with this though, as it can lead to unexpected results.  As always, test your changes thoroughly!
  
 +
====Add a MIME type to the webserver====
 +
Adding a MIME type to the server allows visitors to your website to be prompted to open files directly into the correct application.  For example, if you have some java programs on your website, and want visitors to be able to run those programs directly in Java webstart, you would add the following to your .htaccess file:
  
 +
<pre>
 +
AddType application/x-java-jnlp-file JNLP
 +
</pre>
  
*Limiting access to your website based on ip with .htaccess.  
+
====Enable compression for PHP files====
 +
Bravenet use compression on certain files to make downloading websites a lot faster.  However, some files we leave uncompressed to avoid certain errors.  If you would like to enable compression on everything, add the following to your .htaccess file.  Make sure to test your entire site if you enable this option - some code does not like this setting.
  
Create a .htaccess file in the directory you want to protected and add something similar to the following:
+
<pre>
 +
# enable compression for everything
 +
SetOutputFilter DEFLATE
 +
</pre>
  
# allow access to just me!
+
===Resources===
order allow,deny
 
# my home ip, my work ip
 
allow from 168.55.55.11 58.66.12.79
 
  
but be careful as you may lock yourself out of your own site. Of course you can always go in via ftp and remove that.
+
[http://www.htaccesstools.com/]
 +
*This website has an excellent .htaccess generator, and more information about .htaccess files.
  
 +
[http://www.htaccesseditor.com/]
 +
* Another tool to create .htaccess files
  
 
+
[http://httpd.apache.org/docs/2.3/misc/rewriteguide.html]
* If you want to hide .php extensions to make your site appear more 'clean' you can do so with a .htaccess file with the following
+
* Apache's rewrite guide has more information on using rewrite rules.
 
 
Options +MultiViews
 
 
 
in the same directory as the php file.
 
 
 
Now you can hit
 
 
 
http://yoursite.com/dem?forum=1
 
 
 
instead of
 
 
 
http://yoursite.com/dem.php?forum=1
 
 
 
be careful with this though, as it can lead to unexpected results.
 
 
 
 
 
 
 
* Mime Types - Java webstart
 
Creating an .htaccess file with the following line will enable java webstart jnlp Mime type.
 
 
 
AddType application/x-java-jnlp-file JNLP
 
 
 
 
 
If users want to enable the 'compress everything including .php' we used to have they will now have to add the following to a .htaccess file in their foo.com/ directory:
 
 
 
# enable compression for everything
 
SetOutputFilter DEFLATE
 
<br><br>
 
An .htaccess generator can be found here:
 
<br><br>
 
[http://www.htaccesseditor.com/en.shtml http://www.htaccesseditor.com/en.shtml]
 

Revision as of 16:32, 3 March 2008

What Is It?

.htaccess is a plain text file used to customize some web server settings for your website. It applies a set of configuration options to all files in the directory that the file is located. In addition, these options will also apply to subdirectories of that directory, unless a separate .htaccess file in those directories contains different settings.

Cautions

It is important to follow these guidelines when editing .htaccess files:

  • The filename must be exactly .htaccess - you can not use any other filename.
    • If you have problems renaming a file to .htaccess in windows, open the file in Notepad, Choose "Save as.." and select "All types (*.*)" next to file type. Now type the filename ".htaccess" and click save.
  • Any rules you set by .htacess will apply to all files in the directory you have placed the .htaccess file, and any of its subdirectories. The .htaccess rules in the current directory will override any .htaccess rules set in a parent directory.
  • Any typos or mistakes in a .htaccess file will may result in an HTTP 500 server error being returned when you try to visit that directory, and may render your entire site offline. If this happens, you can still access your site with the File Manager on your Bravenet.com website manager, or with any FTP program.
  • .htaccess files are very picky about what you put in them so please be careful to use exact syntax.
  • Do not attempt to turn PHP safe mode off in a .htaccess file - this will not work and will cause your site to no longer load until you undo the change.

Using htaccess To...

Block another website from linking to yours

Add the following to a .htaccess file in the directory containing the files you want to protect, and change the text "badsite.com" to be the exact name of the website you want to block:

# go away!
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://badsite.com(.*)$ [NC] RewriteRule ^.* - [F,L]

Enable or disable error reporting in PHP

Add the following lines to your .htaccess file to enable error reporting:

Options +FollowSymlinks
RewriteEngine on
php_flag display_errors on
php_value error_reporting 7

We have display_errors set to "on" by default for all users - this is to help inform you of problems when you are working on your site. You may want to turn that off when you are ready to show your site off to the world - use the following to disable errors:

php_value display_errors 0

When errors are disabled, the visitor will only see a blank page when an error is encountered, instead of several lines of PHP code and error messages.

Enable the "Register Globals" PHP flag

Add the following only if your PHP code specifically requires this setting. It does have some security implications, so you should only use it if you need to. In addition, this setting will no longer be an option once PHP 6.0 is released, so please consider staying clear of PHP code that requires this setting.

php_value register_globals 1

Limiting access to your website based by IP address

Add the following to a .htaccess file in the directory you want to protected:

# allow access to just two ips
order allow,deny
# my home ip, my work ip
allow from 168.55.55.11 58.66.12.79

Be careful as you may lock yourself out of your own site. If this happens, you can always access your site with a ftp program or with our File Manager tool and remove or modify the .htaccess file.

====Hide .php extensions to make your website address look cleaner====
If you want to hide .php extensions to make your site appear more "clean" you can add the following to a .htaccess file:

<pre>
Options +MultiViews

Now, for example, instead of seeing http://yoursite.com/dem.php?forum=1 you would see http://yoursite.com/dem?forum=1. Be careful with this though, as it can lead to unexpected results. As always, test your changes thoroughly!

Add a MIME type to the webserver

Adding a MIME type to the server allows visitors to your website to be prompted to open files directly into the correct application. For example, if you have some java programs on your website, and want visitors to be able to run those programs directly in Java webstart, you would add the following to your .htaccess file:

AddType application/x-java-jnlp-file JNLP

Enable compression for PHP files

Bravenet use compression on certain files to make downloading websites a lot faster. However, some files we leave uncompressed to avoid certain errors. If you would like to enable compression on everything, add the following to your .htaccess file. Make sure to test your entire site if you enable this option - some code does not like this setting.

# enable compression for everything 
SetOutputFilter DEFLATE

Resources

[1]

  • This website has an excellent .htaccess generator, and more information about .htaccess files.

[2]

  • Another tool to create .htaccess files

[3]

  • Apache's rewrite guide has more information on using rewrite rules.