

.htaccess tutorial





thaonguyenxanh
1) .htaccess IP Blocking

Ever wanted to stop someone getting on your site? And you somehow found out their IP address? Well here's how using the .htaccess file technique.

Here's the code:
deny from <ip>

Simply replace <ip> with the user's IP that you wish to ban, and they will be unable to get onto your site.

2) Redirecting your pages using .htaccess

This tutorial will simply just show the command used to redirect using the .htaccess file.

To redirect, simply paste the following code into the file:
Redirect /pootash.html http://www.pho2hosting.com

This simply redirects anyone trying to get to the "pootash.html" file in the directory to http://www.pho2hosting.com

3) Custom error pages using .htaccess
Introduction
We've all seen the dreaded Error 404 message - the result of broken links and mistyped URLs. You've probably been on some websites where the error pages are customised with their own logo and message, and I'm sure you'll agree that it looks far more professional than the standard one.

In this article we'll show you how to use Apache's .htaccess file to make your own customised error 404 pages.

Create the .htaccess file
Create a new text file on your computer, and call it "htaccess.txt". Enter the following lines:

<Files .htaccess>
order allow,deny
deny from all
</Files>

ErrorDocument 404 /errordocs/error404.htm

The first part stops people viewing your .htaccess file. The second part tells Apache to redirect any 404 errors to the file "error404.htm".

Create the 404 page
Now you need to create the 404 page. Make a new web page called "error404.htm" and enter "This is my 404 page". Enter it a few dozen times, as Internet Explorer won't display it unless the file is over 512 bytes.

Once it's done, login to your webspace with your FTP client, and create a new folder called "errordocs". Upload the file "error404.htm" to this directory. Upload "htaccess.txt" to the root of your webspace and rename it to ".htaccess" — there's no .txt at the end, no name in front, just ".htaccess". If the file seems to vanish don't worry, some FTP clients don't display it — the file's still there.

Trying it out
Now you need to see if it works. Type the URL of your website in your browser and add a random file name at the end. Something like "http://www.yoursite.com/dgsgdgsdgdsgg.htm".

If everything has worked properly, you should now be seeing your custom error message. If not, then it's possible your web host doesn't allow you to have your own .htaccess files. You may want to contact them and ask.

If it worked then you can now make a proper 404 page. You can have your own images, text, in fact anything else you can have in a normal web page. The best 404 pages have the site logo and a few simple lines explaining what's happened. If you have a site search, you could put that on it too in order to help visitors find what they're looking for.

Taking it further
There are several other error documents that you might wish to customise.

400 - Bad request
401 - Authorization Required
403 - Forbidden directory
404 - Page not found
500 - Internal Server Error

For each one you want to use, simply add a line to your .htaccess file and create the corresponding page.

<Files .htaccess>
order allow,deny
deny from all
</Files>
ErrorDocument 403 /errordocs/error403.htm
ErrorDocument 404 /errordocs/error404.htm
ErrorDocument 500 /errordocs/error500.htm
Alienz
Thanks for the tutorial.
animefan
.htaccess is very powerful and saves sites tons in bandwidth every day. There's an anti-leech code with Anti-Leech, I think it goes like this:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://yoururlandothers.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yoururlandothers.com$ [NC]
# No redirect target survives in the post, so "-" (no substitution) with F refuses the request
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]

That's how you can anti-leech your site if you have pics you don't want people to hot link.
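An added example (not part of any post in this thread): a Python model of the three RewriteCond lines above, showing which requests the rule treats as hotlinking. The paths and Referer values are constructed samples and the function names are made up for illustration; the regexes are copied from the post.

```python
import re

# Patterns copied from the RewriteCond / RewriteRule lines; [NC] maps to re.I.
ALLOWED_REFERERS = [
    re.compile(r"^http://yoururlandothers.com/.*$", re.I),
    re.compile(r"^http://yoururlandothers.com$", re.I),
]
IMAGE_PATH = re.compile(r".*\.(jpg|jpeg|gif|png|bmp)$", re.I)


def rule_fires(path: str, referer: str) -> bool:
    """True when every RewriteCond holds and the RewriteRule pattern matches,
    i.e. the request is treated as hotlinking."""
    if not IMAGE_PATH.match(path):
        return False  # the rule only covers image extensions
    if re.match(r"^$", referer):
        return False  # cond 1: an empty Referer is always let through
    # conds 2 and 3: fire only if the Referer matches none of the allowed forms
    return not any(p.match(referer) for p in ALLOWED_REFERERS)


# Constructed sample requests: (path relative to the .htaccess, Referer header)
SAMPLES = [
    ("pics/a.jpg", "http://other.example/page"),                  # third party
    ("pics/a.jpg", "http://yoururlandothers.com/gallery.html"),   # own site
    ("pics/a.jpg", ""),                                           # no Referer sent
    ("pics/a.jpg", "https://yoururlandothers.com/gallery.html"),  # own site, https
    ("pics/a.jpg", "http://www.yoururlandothers.com/"),           # own site, www
    ("index.html", "http://other.example/page"),                  # not an image
]


def report(samples=SAMPLES):
    """Return (path, referer, fired) for each sample request."""
    return [(p, r, rule_fires(p, r)) for p, r in samples]


if __name__ == "__main__":
    for path, referer, fired in report():
        print(f"{'BLOCK' if fired else 'serve':5}  {path:12} Referer={referer!r}")
```

The run shows two things to check before deploying such a rule: requests with no Referer header are always served, so this saves bandwidth but is not access control, and the site's own https:// and www. pages are refused unless their forms are added to the conditions.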
charliehk
thx for your useful techniques! I've seen a feature in CPanel called Leech Protect. Does it achieve a similar thing?

charliehk
I think Error Pages could also be set by "Error pages" Icon in CPanel
mOrpheuS
charliehk wrote:
I think Error Pages could also be set by "Error pages" Icon in CPanel

The "error pages" icon in the control panel internally modifies the .htaccess file.
So basically you can do it either way to get the same results.
The latter method may be more suitable, as it doesn't involve any manual file editing.
charliehk
You said "internally"; so the file .htaccess hasn't changed, right? So has .htaccess been changed? I didn't notice .htaccess being changed when I set Error pages with CPanel.

thx!

dionet
.htaccess is very useful.

I use htaccess to block IPs of "bad" people.
yosefa
Thanks!
jajarvin
Thank you very much for your tutorial.
sensui
Wow this is great. Thanks
jazzman
Quote:
Allowing users to upload files to your website can be a big security risk, even if it’s simply to change their avatar. The risk is that any file uploaded however innocent it may look, could contain a script that when executed on your server completely opens up your website.

If you have a file upload form then you need to treat all files with great suspicion. If you are allowing users to upload images, you cannot rely on the file extension or the mime type to verify that the file is an image as these can easily be faked. Even opening the file and reading the header, or using functions to check the image size are not foolproof. Most image formats allow storing a comment section which could contain PHP code that could be executed by the server.

So what can you do to prevent this? Ultimately you want to stop users from being able to execute any file they upload. By default web servers won't attempt to execute files with image extensions, but it isn't recommended to rely solely on checking the file extension as a file with the name image.jpg.php has been known to get through.

Some options are to rename the file on upload to ensure the correct file extension, or to change the file permissions, for example, chmod 0666 so it can't be executed. If using *nix you could create a .htaccess file (see below) that will only allow access to set files preventing the double extension attack mentioned earlier.

Code:
deny from all
<Files ~ "^\w+\.(gif|jpe?g|png)$">
order deny,allow
allow from all
</Files>


Ultimately, the recommended solution is to prevent direct access to uploaded files altogether. This way, any files uploaded to your website are stored in a folder outside of the webroot or in the database as a blob. If your files are not directly accessible you will need to create a script to fetch the files from the private folder (or an HTTP handler in .NET) and deliver them to the browser. Image tags support an src attribute that is not a direct URL to an image, so your src attribute can point to your file delivery script providing you set the correct content type in the HTTP header. For example:

Code:
<img src="/imageDelivery.php?id=1234" />

<?php
    // imageDelivery.php

    // Fetch image filename from database based on $_GET["id"]
    // ... (lookup elided in the source article; it must set $fileName)

    // Deliver image to browser
    header('Content-Type: image/gif');
    readfile('images/' . $fileName);
?>


Source: http://www.netmagazine.com/features/10-essential-security-tips-protect-your-site-hackers
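An added example (not from the quoted article or from any poster): a Python model of which upload names the `<Files ~ ...>` allow-list above would serve, plus a server-chosen storage name that always passes it. The sample names and helper names are constructed for illustration; it assumes Apache's regex treats `\w` as ASCII-only and matches case-sensitively against the file's base name, which `re.ASCII` reproduces here.

```python
import re
import secrets

# Pattern copied from the .htaccess snippet above.
ALLOW = re.compile(r"^\w+\.(gif|jpe?g|png)$", re.ASCII)
ALLOWED_EXTENSIONS = {"gif", "jpg", "jpeg", "png"}


def is_served(basename: str) -> bool:
    """True if the allow-list would let Apache serve a file with this name."""
    return ALLOW.search(basename) is not None


def stored_name(extension: str) -> str:
    """Server-chosen name for an upload: random stem plus allow-listed extension.

    The user-supplied file name is never reused, so it cannot carry a second
    extension, and the result always satisfies the <Files> pattern.
    """
    ext = extension.lower().lstrip(".")
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension not allowed: {extension!r}")
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed sample names (not from the article).
SAMPLES = [
    "avatar.png",     # plain image name: served
    "photo.jpeg",     # jpe?g covers jpg and jpeg: served
    "image.jpg.php",  # the double extension the article mentions: denied
    "image.php.jpg",  # \w does not match the inner dot: denied
    "my-photo.jpg",   # legitimate, but the hyphen is not in \w: denied
    "PHOTO.JPG",      # legitimate, but the match is case-sensitive: denied
    ".htaccess",      # no word characters before the dot: denied
]


def audit(names=SAMPLES):
    """Map each name to whether the rule would serve it."""
    return {name: is_served(name) for name in names}


if __name__ == "__main__":
    for name, ok in audit().items():
        print(f"{'serve' if ok else 'deny ':5}  {name}")
    print("stored as:", stored_name("PNG"))
```

The denied-but-legitimate names are the reason to pair this rule with renaming on upload, as the article suggests: files stored under a generated name keep working, while anything that arrives with an unexpected name is simply not served.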
ogah
I have made a permalink with htaccess like this
Code:
RewriteRule ^(.*?)_([0-9]{1,})\.html ./?q=$1&page=$2

RewriteRule ^(.*?)\.html ./?q=$1

This htaccess works fine if I open my URL like http://myadomain.com/something.html and http://myadomain.com/something_2.html

But if I open the URL http://myadomain.com/?q=something the page does not automatically redirect to http://myadomain.com/something.html


How do I make htaccess so my URL http://myadomain.com/?q=something will be redirected to http://myadomain.com/something.html ?
Peterssidan
ogah, will this work?
Code:
RewriteRule ^q=(.*?) http://myadomain.com/$1.html [R=301,L]
bogisha
Quite useful tips... Thanks for sharing.

Bogdan
ogah
Peterssidan wrote:
ogah, will this work?
Code:
RewriteRule ^q=(.*?) http://myadomain.com/$1.html [R=301,L]
It does not work.

This also does not work:
Code:
RewriteRule ^\?q=(.*?) http://mydomain.com/$1.html [R=301,L]

And this also does not work:
Code:
RewriteRule (.*?)q=(.*?) http://mydomain.com/$2.html [R=301,L]
Peterssidan
ogah wrote:
Peterssidan wrote:
ogah, will this work?
Code:
RewriteRule ^q=(.*?) http://myadomain.com/$1.html [R=301,L]
not work
I did some testing and found that it works if you remove the question mark.
Code:
RewriteRule ^q=(.*) http://myadomain.com/$1.html [R=301,L]
It also works if you add a dollar sign.
Code:
RewriteRule ^q=(.*?)$ http://myadomain.com/$1.html [R=301,L]
Or you can do both.
mjohnson
It is very useful. I have that problem, now I know how to solve it! Thanks a lot!
Gregoric
Nice one.

I only suggest you to add a bit more formatting to make the post more readable.

But all in all it is good and covers the most useful basics. Thanks!
adilzulfiqar
I am testing a website, so I used a .htaccess file to hide the ".php" extension.
But I searched many tutorials and Google too much but did not find any good way to hide it.
Here is the link to the website: http://hifzonazirah.22web.org/
Please check the top menu. When you click on "Courses" the .php extension is not hidden.

I saved this script in my .htaccess file:

Code:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php


Also I want to mention that the .htaccess file is saved in the folder where the index.php file is saved.

So can you please guide me to remove the .php extension?
Peterssidan
@adilzulfiqar
I'm not sure exactly what the RewriteCond lines do but it looks like it works. Visiting /courses shows the same as /courses.php.
johans
Thank you. This gives me an idea. Cool.
Arrogant
I was just thinking about how to restrict users from seeing my resource files and I saw this post.
This was really helpful.
Thanks for the tuto