Basic overview of .htaccess files

Cartoon man typing on keyboard, looking at laptop screen.

.Htaccess files are configuration files for Apache web servers. They can be placed in any directory of the website (the configuration applies to the directory and it contains all those with no such file inside). They can be changed even while the server is running.

They are used to modify access rights, create redirects, write custom error messages or associate file extensions to MIME types.

Security and restrictions

The use of .htaccess files has a cost in terms of performance because the web server must verify the presence of such a file before processing each request.

Be careful when using <Limit GET> … </ Limit> which has a potential for creating errors with older versions of Apache: unknown queries are not stopped by <Limit GET> , and automatically converted in GET. The page is sent anyway (source for more information).

URL rewriting

.Htaccess files also allow URL rewriting to simplify. For example, a URL like:

http://www.example.com/viewtopic.php?order=0&start=1256&message=50

can be transformed into :

http://www.example.com/topic-1256-50.html

It is assumed here that the value ‘order’ is 0 by default. .htaccess contain:

RewriteEngine on

Topic- RewriteRule ^ ( [0-9] +) – ( [0-9] +) html $ viewtopic.php order = 0 & start = $ 1 & message = $ 2 [ L]. ?

The URL Rewriting Module facilitates ranking on search engines. However, it is not enabled for all hosts, especially the free ones.

Temporary redirection pages or redirection 302. This is a feature used primarily to display a maintenance page.

The page warning is shown to the user of the unavailability of the site as follows:

http://www.example.com/maintenance.html

The code to temporarily add htaccess file will be :

Redirect 302 / http://www.example.com/maintenance.html

This redirection does not affect in any way the web page as regards search engines.

Securing a directory or file password

One of the main uses of .htaccess file is to secure part of a site. To do this, place the following content in the directory to protect the htaccess file:

AuthUserFile / var / www / .htpasswd
AuthGroupFile / var / www / .htgroup
AuthName ” visitor , you enter a members section , please log in “
AuthType Basic
<Limit GET>
require group Members Admin
</ Limit>
<LimitExcept GET>
deny from all
</ LimitExcept >

Username / password footprints are stored in the htpasswd file as follows . :

Jacques : $ apr1 TVFhC / .. $ rRph2WN9n1DeW6Cs89So2 .
franck : $ apr1 vAVyg … $ HXoAN3bh.Ff6hxXKopIFpE1
robert : $ apr1 7ALHn / .. $ aV8IuW3jqdQWaStyX2Izg .
laurent : $ apr1 2o89Z / .. $ SVDHl7FK4A0w8le.cq1Z1

The majority of web hosts offer a tool to calculate the hash of a password (to avoid unencrypted storage).

User groups are defined in the htgroup file as follows:

Members: laurent robert franck
Admin: Jacques Franck

About these ads