Here I discuss some of the basic .htaccess practices, which, as a developer and a server administrator I have to use frequently.
1.htaccess for Authorization or authentication
.htaccess files are often used to specify the security restrictions for the particular directory, hence the filename “access”. The .htaccess file is often accompanied by a .htpasswd file which stores valid usernames and their passwords.
In the .htaccess file :
# password-protect the directory in which this htaccess file is AuthType basic AuthName "This directory is protected" AuthUserFile /home/path/.htpasswd AuthGroupFile /dev/null Require valid-user
The .htpasswd file in the path specified as “AuthUserFile” contains username and password like this:
jones Pwd4Steve
2.Blocking
This one I use frequently when I have to put a site in maintenance mode, and only me and the client to be allowed to surf through the site.
RewriteEngine on RewriteCond %{REQUEST_URI} !/maintenance.html$ #as i use image in the maintenance page #need to permit access to the image used in the page RewriteCond %{REQUEST_URI} !/images/maintenance.jpg$ #my ip RewriteCond %{REMOTE_ADDR} !115.187.x.x #check for client's ip RewriteCond %{REMOTE_ADDR} !24.228.x.x RewriteRule $ /maintenance.html [R=302,L]
Htaccess can also be used to block unwanted robots and offline browsers.
3.Deny Directory listing
Denying directory listing is another important use of htaccess.If apache cannot find the default page as defined in the configuration(generally index.html,index.php etc.) , this prevents the rest of the items in the directory display in the browser and returns a 403 Forbidden page
Options -Indexes #note that Options +Indexes will allow directory listing
4.Customized error responses
You can specify customized error response pages to display when apache encounters an error.
ErrorDocument 403 http://example.com/error.page/403.php ErrorDocument 404 http://example.com/error.page/404.php
5.Htaccess for Cache Control
Cache control is very important in terms of performance and speed of a website.Allowing seldom changed contents in a web page like images,flash movies,js,css etc to be cached by the browsers for a long time reduces site load time.
# 480 weeks <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$"> Header set Cache-Control "max-age=290304000, public" </FilesMatch> # 2 DAYS <FilesMatch "\.(xml|txt)$"> Header set Cache-Control "max-age=172800, public, must-revalidate" </FilesMatch> # 2 HOURS <FilesMatch "\.(html|htm)$"> Header set Cache-Control "max-age=7200, must-revalidate" </FilesMatch>
You can set far “future expire header” for images:
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$"> Header set Cache-Control "public" Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT" </FilesMatch>
6.URL rewriting
This is the most important and widely used feature of htaccess.htaccess along with “mod_rewrite” helps generating SEO friendly URLs and mapping it to respective files.Since URL rewriting with htaccess is a very big topic I am going to leave some great links here for it which contain rich explanations about URL rewriting.
Tags: apache, htaccess, Server Admin, web hosting, www
