.htaccess is a powerful and essential thing for your apache web server. When you place your custom .htaccess file into your web root directory it will automatically executed through your webserver. And help to protect your files, directories and sub directories with help of .htaccess rules.
.htaccess stands hypertext access file. .htaccess file that defaultly resides into your php installation directory.
You can place custom .htaccess file into your web directory too for file, directory and sub directory protection. For that just create one .htaccess file with the rules inside it.
lets look at some tips and tricks inside it.
To comment code in .htaccess
Commenting is essential thing for understanding the code / rule that you have specified for your server protection. Comment can be done with the help of leading symbol "#" which is called pound sign. For multiple line comment multiple # are required in .htaccess.
Ex.
# This is comment line leading with pound sign
# Line two with another pound sign
Enable Basic Rewriting Mode/ Engine
Rewriting mode - "mod_rewrite" is not enable in many servers defaultly, so, first just use line to enable "mod_rewrite". This will help you to add rewriting rules to servers.
Ex.
# Enable Rewrite Engin
RewriteEngin on
Enable Symbolic Links (FollowSymLinks)
FollowSymLinks is a directive in your web server configuration that tells your web server to follow so called symbolic links. As one would expect, FollowSymLinks is an acronym for Follow Symbolic Links. FollowSymLinks is a very important setting that plays a role in your website security.
Simply saying to show your image path which is not actual done by FolloSymLinks enabling. For working of this required to turn on the AllowOverride Option.
Ex.
Options +FollowSymLinks
Enable AllowOverride Option
When this directive is set to None, then .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem.
When this directive is set to All, then any directive which has the .htaccess Context is allowed in .htaccess files.
Rename .htaccess FileEx.
AllowOverride All | None | directive-type
For more infor about allow override visit :
http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride
To protect and to hide content of .htaccess file its essential to rename the file with other name.
Note: This directive must be placed in the server-wide configuration file or it will not work:
# rename htaccess files
AccessFileName ht.access
Note: If you rename your htaccess files, remember to update any associated configuration settings. For example, if you are protecting your htaccess file via FilesMatch, remember to inform it of the renamed files:
# protect renamed htaccess files<FilesMatch "^ht\.">Order deny,allowDeny from all</FilesMatch>
Make Custom Directory Index File
It is possible to change your default index file to some other location even in some directory with the help of following code.
Ex.DirectoryIndex index.html index.php index.htm
Set Custom Error Page
Replicate the following patterns to serve your own set of custom error pages. Simply replace the “/errors/###.html” with the correct path and file name. Also change the “###” preceding the path to pages for other errors.
Note: your custom error pages must be larger than 512 bytes in size or they will be completely ignored by Internet Explorer:
Replicate the following patterns to serve your own set of custom error pages. Simply replace the “/errors/###.html” with the correct path and file name. Also change the “###” preceding the path to pages for other errors.
Note: your custom error pages must be larger than 512 bytes in size or they will be completely ignored by Internet Explorer:
# serve custom error pages
ErrorDocument 400 /errors/400.html
ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
# provide a universal error documentRewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule ^.*$ /dir/error.php [L]
Prevent Access to Specific File
To restrict access to a specific file, add the following code block and edit the file name, “secretfile.jpg”, with the name of the file that you wish to protect:
To restrict access to a variety of file types, add the following code block and edit the file types within parentheses to match the extensions of any files that you wish to protect:
Very essential for hiding your directory index view.
Prevent unauthorized directory browsing by instructing the server to serve a “xxx Forbidden – Authorization Required” message for any request to view a directory. For example, if your site is missing it’s default index page, everything within the root of your site will be accessible to all visitors. To prevent this, include the following htaccess rule:
# prevent viewing of a specific filePrevent access to multiple file types
<files secretfile.jpg>
order allow,deny
deny from all
</files>
To restrict access to a variety of file types, add the following code block and edit the file types within parentheses to match the extensions of any files that you wish to protect:
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)quot;>Prevent Unauthorized Directory Browsing
Order Allow,Deny
Deny from all
</FilesMatch>
Very essential for hiding your directory index view.
Prevent unauthorized directory browsing by instructing the server to serve a “xxx Forbidden – Authorization Required” message for any request to view a directory. For example, if your site is missing it’s default index page, everything within the root of your site will be accessible to all visitors. To prevent this, include the following htaccess rule:
# disable directory browsing
Options All -Indexes
Conversely, to enable directory browsing, use the following directive:
# enable directory browsing
Options All +Indexes
Likewise, this rule will prevent the server from listing directory contents:
# prevent folder listing
IndexIgnore *
And, finally, the IndexIgnore directive may be used to prevent the display of select file types:
# prevent display of select file types
IndexIgnore *.wmv *.mp4 *.avi *.etc
Redirect From Old URL to New URL / Redirect from One Domain to Another With 301 Redirect
Redirect an entire site via 301:
# redirect an entire site via 301Redirect a specific file via 301:
redirect 301 / http://www.domain.com/
# redirect a specific file via 301Redirect an entire site via permanent redirect:
redirect 301 /current/currentfile.html http://www.newdomain.com/new/newfile.html
# redirect an entire site via permanent redirectRedirect a page or directory via permanent redirect:
Redirect permanent / http://www.domain.com/
# redirect a page or directoryRedirect browser to https (ssl)
Redirect permanent old_file.html http://www.new-domain.com/new_file.html
Redirect permanent /old_directory/ http://www.new-domain.com/new_directory/
Add following snippet to your htaccess and redirect entire website to https.
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Replace .php file extension with any other like .htm or .html or .asp or .pl (Any Desired extension)
It is very convinient and easy to replace the .php extension for security. It can be easily be shown like .htm and .html or some else with following code.
Its also very easy to hide .php extension in your webpage. Add following code to your .htaccess file. Your page will look like www.yourDomain.com/pageName instead of www.yourDomain.com/pageName.php
It is very convinient and easy to replace the .php extension for security. It can be easily be shown like .htm and .html or some else with following code.
AddType application/x-httpd-php .htmlor for .htm extension
AddType application/x-httpd-php .html
If your extension of php file is .php5 then replace http-php with httpd-php5 .yourDesieredIf you are looking to replace only one page url, means only for one page say pageName.html or file.html file then it is convenient to use file directory tag
<FIles pageName.html>Hide extension of files
AddType application/x-httpd-php .html
</Files>
Its also very easy to hide .php extension in your webpage. Add following code to your .htaccess file. Your page will look like www.yourDomain.com/pageName instead of www.yourDomain.com/pageName.php
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
No comments:
Post a Comment