.Htaccess files are configuration files for Apache web servers. They can be placed in any directory of the website (the configuration applies to the directory and it contains all those with no such file inside). They can be changed even while the server is running.
They are used to modify access rights, create redirects, write custom error messages or associate file extensions to MIME types.
Security and restrictions
The use of .htaccess files has a cost in terms of performance because the web server must verify the presence of such a file before processing each request.
Be careful when using <Limit GET> … </ Limit> which has a potential for creating errors with older versions of Apache: unknown queries are not stopped by <Limit GET> , and automatically converted in GET. The page is sent anyway (source for more information).
.Htaccess files also allow URL rewriting to simplify. For example, a URL like:
can be transformed into :
It is assumed here that the value ‘order’ is 0 by default. .htaccess contain:
Topic- RewriteRule ^ ( [0-9] +) – ( [0-9] +) \ html $ viewtopic.php order = 0 & start = $ 1 & message = $ 2 [ L]. ?
The URL Rewriting Module facilitates ranking on search engines. However, it is not enabled for all hosts, especially the free ones.
Temporary redirection pages or redirection 302. This is a feature used primarily to display a maintenance page.
The page warning is shown to the user of the unavailability of the site as follows:
The code to temporarily add htaccess file will be :
Redirect 302 / http://www.example.com/maintenance.html
This redirection does not affect in any way the web page as regards search engines.
Securing a directory or file password
One of the main uses of .htaccess file is to secure part of a site. To do this, place the following content in the directory to protect the htaccess file:
AuthUserFile / var / www / .htpasswd
AuthGroupFile / var / www / .htgroup
AuthName ” visitor , you enter a members section , please log in ”
require group Members Admin
deny from all
</ LimitExcept >
Username / password footprints are stored in the htpasswd file as follows . :
Jacques : $ apr1 TVFhC / .. $ rRph2WN9n1DeW6Cs89So2 .
franck : $ apr1 vAVyg … $ HXoAN3bh.Ff6hxXKopIFpE1
robert : $ apr1 7ALHn / .. $ aV8IuW3jqdQWaStyX2Izg .
laurent : $ apr1 2o89Z / .. $ SVDHl7FK4A0w8le.cq1Z1
The majority of web hosts offer a tool to calculate the hash of a password (to avoid unencrypted storage).
User groups are defined in the htgroup file as follows:
Members: laurent robert franck
Admin: Jacques Franck