|
Using your .htaccess file
This is a continuation from htaccess - part 1.
SSI extensions allow server-side HTML, which are little snippets of code that run on the server-side, rather than on the client-side like HTML and Javascript. To enable SSI within your htaccess file, include this code anywhere within it:
AddType text/html .shtml
AddHandler server-parsed .shtml
AddHandler server-parsed .html
Options Indexes FollowSymLinks Includes
The first line of code tells the server to support server-side HTML. The 2nd two lines of code add the file extensions that should support server-side HTML. Usually, we only specify .shtml. However, what if you have a million .html files and don't want to rename them all? Our third line of code takes care of that little problem, which instructs the server to interpret all files ending with .html as server-side documents. It is fine, by the way, if some of your .html documents do not have server-side code within them.
The last line of jargon specifies options included when using SSI. You do not need to worry about that line, other than including it in your .htaccess file.
The .htaccess file can also be used to establish redirections from one file to another. Redirection is extremely trivial and is setup like this within your file:
Redirect /oldfile.html /newfile.html
Simply, whenever the web server encounters a request for oldfile.html within the root directory, it will forward the request and return the results from newfile.html, also within the root directory.
Want to redirect to another site? No problem:
Redirect /oldfile.html http://www.yournewsite.com/newfile.html
That is all there is to it to setup .htaccess redirections.
As a web site owner, you may have come across a user who insists on causing trouble. The .htaccess file provides a way to completely deny a user's ability to use your web site, based on the user's IP address or domain name. Let us take a look at how to implement something like this:
order allow,deny
deny from 64.45.16.87
deny from really-bad-domain.net
allow from all
The above line of code will deny users to the directory in which the .htaccess file is placed with an IP address of 64.45.16.87 or from the domain name really-bad-domain.net. Alternatively, we could deny access to everyone except those browsing from a particular IP address or domain name:
order deny,allow
allow from 64.45.16.87
allow from really-nice-domain.net
deny from all
This would only allow access to those coming from the 64.45.16.87 IP address or the really-nice-domain.net domain. The order argument determines what order each directive is interpreted. For example, 'order allow,deny' means that the allow directive will be executed first and deny will be executed second.
Password protection is probably the most used function of the .htaccess file aside from custom error pages. Setting up a password protected directory is a little more elaborate than what we have seen thus far but is certainly feasible by anyone with a little willingness to learn.
The .htaccess method of password protecting a directory uses another file, called .htpasswd. This stores the username of the user along with the encrypted password of that user. Each time the user attempts to access a file within a protected area, the username and password the user inputs is checked against the .htpasswd file for authentication.
First, we need to create the .htpasswd file. Normally, you need access to the Unix machine to create this file with the following htpasswd utility:
htpasswd -c /home/user/names steve
The above line of code creates the file 'names' (with the -c flag) and creates the username of steve. The system will then ask for a password twice. However, since web hosting providers do not allow clients the ability to access the machine, we need another method for creating this file.
I found a neat utility online useful for encrypting the password for a user. Simply click on this link and enter the desired username. Then, enter the password twice and click the 'calculate' button. You should come back with something like this (given the username of steve):
steve:55xi8gLk0Qtm6
Copy and paste that entire line into a blank text file and name it .htpasswd. Each time you wish to create another user, simply use the same web site and copy and paste the new username and encrypted password to the next available line in your .htpasswd file.
Next, upload this document to your account. If you can, upload this file to a directory above that of your root web directory. For example, if your root directory was /home/user/public_html, then the directory above it would be user. This makes this file completely inaccessible by the general Internet public, which is a very good thing. Remember to upload this document in ASCII and not binary.
Our next step is to create (or amend) the .htaccess file. Open or create the file and include this within it:
AuthUserFile /home/user/.htpasswd
AuthGroupFile /home/user/group
AuthName "The incredibly safe realm"
AuthType Basic
require valid-user
Notice that we have specified the location of the .htpasswd file to /home/user/.htpasswd. Be sure the path is correct to the .htpasswd document on the system. We will not be using a Group file, so we can input any directory. The AuthName directive is what will be displayed in the popup dialog box that asks for the username and password to access a protected directory.
Also notice require valid-user. This means that any username within the .htpasswd file can be checked and validated. If, for example, we only wanted to allow particular users access, we could use something like:
require user username1 username2 username3 username4
That is all there is to it to create a password protected directory. Be aware that if you place this file within your root directory, your entire web site will be password protected, which may or may not be what you intend.
<- Back to Indexing, Directory listing and error codes
Author: Steve
Date written: November, 2002
Words: 2,518
|
You are not logged in. 
Like new stuff? Here are the newest articles, at your service.
We've teamed up with mighty Amazon.com to bring you the best in technical literature. Check them out. Learn. Experience.