User Tools

Site Tools


htaccess_recipes

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
htaccess_recipes [2022/02/13 20:59] – changed to internal DokuWiki link jquahhtaccess_recipes [2022/08/01 20:35] (current) – added link to faq page that indicates which hosts run which web server. peteyboy
Line 1: Line 1:
 ====== .htaccess recipes ====== ====== .htaccess recipes ======
 +
 +:!: Note: ''.htaccess'' only works at SDF on pages served by Apache, which at the time of this writing (2022/02/23) is [[https://sdf.org/?faq?WEB?05|only on the cluster]]. Meaning that ''.htaccess'' will not do anything if placed in folders served by [[metaarray|The MetaArray]] or VHOST
 +
  
 === Introduction === === Introduction ===
  
-.htaccess is the default file used by the [[http://httpd.apache.org/|Apache HTTP server]] (and others) in order to allow dynamic configuration. It's a plain text file that uses the same syntax present in the main configuration files (e.g., httpd.conf). It can contain a subset of Apache directives. The size of this subset depends on wheter the directives can be overridden or not (and this is present in the server configuration). In the Apache documentation you can see if a directive can be placed in a .htaccess file by checking that in the Context: line appears .htaccess. For instance, it's possible for the [[http://httpd.apache.org/docs/2.2/mod/core.html#forcetype|ForceType]] directive, but it's not for the  [[http://httpd.apache.org/docs/2.2/mod/core.html#errorlog|ErrorLog]] directive. file.+''.htaccess'' is the default file used by the [[http://httpd.apache.org/|Apache HTTP server]] (and others) in order to allow dynamic configuration. It's a plain text file that uses the same syntax present in the main configuration files (e.g., ''httpd.conf''). It can contain a subset of Apache directives. The size of this subset depends on wheter the directives can be overridden or not (and this is present in the server configuration). In the Apache documentation you can see if a directive can be placed in a ''.htaccess'' file by checking that in the Context: line appears ''.htaccess''. For instance, it's possible for the [[http://httpd.apache.org/docs/2.2/mod/core.html#forcetype|ForceType]] directive, but it's not for the  [[http://httpd.apache.org/docs/2.2/mod/core.html#errorlog|ErrorLog]] directive. file.
  
-The configuration directives placed in a .htaccess file will take effect immediately when a document, located in the directory where the .htaccess file is located and all subdirectories, is accessed. The server will also search for .htaccess files in all the parent directories. If there is a conflicting configuration directive, the server will apply the one that is in the .htaccess file closer to the requested resource. For instance, suppose that X and Y are two generic options. If you have ''Options +X -Y'' in $HOME/html/.htaccess and ''Options -X'' in $HOME/html/files/test/.htaccess, when you access a file in http://YOURUSERNAME.freeshell.org/files/test/ (and all subdirectories, unless you have another .htaccess file that reverts the configuration) options X and Y will be disabled, but if you access a file in http://YOURUSERNAME.freeshell.org/files/ (and above) option X will be enabled and option Y disabled.+The configuration directives placed in a ''.htaccess'' file will take effect immediately when a document, located in the directory where the ''.htaccess'' file is located and all subdirectories, is accessed. The server will also search for ''.htaccess'' files in all the parent directories. If there is a conflicting configuration directive, the server will apply the one that is in the ''.htaccess'' file closer to the requested resource. For instance, suppose that X and Y are two generic options. If you have ''Options +X -Y'' in $HOME/html/.htaccess and ''Options -X'' in $HOME/html/files/test/.htaccess, when you access a file in http://YOURUSERNAME.freeshell.org/files/test/ (and all subdirectories, unless you have another ''.htaccess'' file that reverts the configuration) options X and Y will be disabled, but if you access a file in http://YOURUSERNAME.freeshell.org/files/ (and above) option X will be enabled and option Y disabled.
  
-Remember that .htaccess files must be readable by the server, so you can ''chmod 640 .htaccess'' in order to give it the correct permissions. It's, however, a good practice to run ''mkhomepg -p'' in your SDF shell everytime you play with files in your html directory.+Remember that ''.htaccess'' files must be readable by the server, so you can ''chmod 640 .htaccess'' in order to give it the correct permissions. It's, however, a good practice to run ''mkhomepg -p'' in your SDF shell everytime you play with files in your html directory.
  
-Additional information about .htaccess files can be found in:+Additional information about ''.htaccess'' files can be found in:
  
   * [[http://httpd.apache.org/docs/2.2/howto/htaccess.html|Apache Tutorial: .htaccess files]]   * [[http://httpd.apache.org/docs/2.2/howto/htaccess.html|Apache Tutorial: .htaccess files]]
Line 15: Line 18:
   * [[http://www.htaccess-guide.com/|htaccess-guide.com]]   * [[http://www.htaccess-guide.com/|htaccess-guide.com]]
  
-OK, let's see some recipes. The URL http://YOURUSERNAME.freeshell.org/ will be used in the examples, so modify it to suit your needs and remember that your .htaccess file will be placed in $HOME/html/ or in directories under it. Examples solve a specific issue, but they can give you an idea on how to deal with something more generic (i.e., an example could be referred to .pl files, but with a search of the mentioned directives you could generalize it). If you need some help, jump on com or post your request on bboard.+OK, let's see some recipes. The URL http://YOURUSERNAME.freeshell.org/ will be used in the examples, so modify it to suit your needs and remember that your ''.htaccess'' file will be placed in ''$HOME/html/'' or in directories under it. Examples solve a specific issue, but they can give you an idea on how to deal with something more generic (i.e., an example could be referred to .pl files, but with a search of the mentioned directives you could generalize it). If you need some help, jump on com or post your request on bboard.
  
  
Line 26: Line 29:
 ===== Deny directory listing ===== ===== Deny directory listing =====
  
-If you type http://YOURUSERNAME.freeshell.org/pics/ you will see a list of the files present in pics. Probably you don't want this (if you don't want that other people see your private stuff, don't put it on-line, or, at least, [[http://freeshell.org/index.cgi?faq?WEB?04|password protect them]]). Add this to your .htaccess file:+If you type http://YOURUSERNAME.freeshell.org/pics/ you will see a list of the files present in pics. Probably you don't want this (if you don't want that other people see your private stuff, don't put it on-line, or, at least, [[http://freeshell.org/index.cgi?faq?WEB?04|password protect them]]). Add this to your ''.htaccess'' file:
  
 ''Options -Indexes'' ''Options -Indexes''
  
 +===== Save the current directory as an environment variable =====
 +
 +You might already be aware that the options in an htaccess file will affect all the files in subdirectories of the htaccess file location, unless overridden by htaccess files deeper into the path. But did you ever wish you could dynamically infer the location of your base htaccess file, for substitution into later directives? It turns out that Perl regexes (used in Apache's mod_rewrite) are flexible enough to do the trick.
 +
 +If you made your website accessible via tilde-style URLs (running ''mkhomepg -d'' at the shell), then requests to anything under http://sdf.org/~YOURUSERNAME will have a different setting for DOCUMENT_ROOT than requests to the same content at http://YOURUSERNAME.sdf.org (assuming that ~/html and ~/public_html are symlinks to the same folder). A single htaccess serving both types of URLs cannot blindly make relative path substitutions in a RewriteRule directive (or even well-intentioned absolute path substitutions based on your knowledge of the SDF filesystem). Instead, you can first pass the requested URL through a do-nothing RewriteRule (the //pattern// ''^.*$'' matches everything, and the //substitution// ''-'' leaves it unchanged), extracting the current directory into the environment variable ''CWD''. Then you can use the value of ''CWD'' in a subsequent RewriteRule that performs an actual substitution. Here is an example:
 +
 +<code>
 +RewriteEngine on
 +RewriteBase "/"
 +RewriteCond $0#%{REQUEST_URI} ([^#]*)#(.*)\1$
 +RewriteRule ^.*$ - [E=CWD:%2]
 +
 +RewriteCond %{HTTP_HOST} ^(www\.)?sdf\.org$
 +RewriteCond %{REQUEST_FILENAME} !-f
 +RewriteCond %{REQUEST_FILENAME} !-d
 +RewriteRule ^.*$ %{ENV:CWD}/custom404.html
 +</code>
 +
 +The # symbol serves as an arbitrary delimiter, ensuring that the second parenthesized group captures the working directory that's known to the server at the time of processing. Whether the working directory is an absolute pathname on the filesystem or an alias that will later be expanded by mod_userdir, the environment variable ''CWD'' will have a value compatible with the order in which Apache processes UserDir and RewriteRule directives.
 +
 +This example can be extended to perform different redirections depending on which virtual host handled the transaction (just create a new stanza with a different condition on %{HTTP_HOST}). In this way you can give your visitors the same experience whether they've bookmarked your site as http://YOURUSERNAME.sdf.org or http://sdf.org/~YOURUSERNAME, without having to duplicate your content in multiple folders.
 +
 +Because these RewriteRules impose additional processing demands on the server for each request, hacks like these should be a last resort. If the other workarounds mentioned in [[custom_error_pages_for_your_site|custom error pages for your site]] address your use case, they should be implemented instead.
 ===== Add (or force) MIME-type ===== ===== Add (or force) MIME-type =====
  
Line 54: Line 80:
 ==== I want to access files without extension, but my (cgi|pl|php) is not found ==== ==== I want to access files without extension, but my (cgi|pl|php) is not found ====
  
-Suppose that you have a cgi file called script.cgi and that, **once you enable MultiViews** (see above), when you access http://YOURUSERNAME.freeshell.org/script you get a 404 page. It's likely that the server have some problems in determining the MIME-type. In this case, put in your .htaccess file:+Suppose that you have a cgi file called script.cgi and that, **once you enable MultiViews** (see above), when you access http://YOURUSERNAME.freeshell.org/script you get a 404 page. It's likely that the server have some problems in determining the MIME-type. In this case, put in your ''.htaccess'' file:
  
 ''AddType application/x-httpd-cgi .cgi'' ''AddType application/x-httpd-cgi .cgi''
Line 86: Line 112:
 ''AddCharset UTF-8 .cn'' ''AddCharset UTF-8 .cn''
  
-only .cn.html files will have UTF-8 as the default encoding. (The order of the language in the extension is not relevant, i.e., the files could have been html.en and html.cn; also, the leading dot in the extension in the .htaccess file is optional).+only .cn.html files will have UTF-8 as the default encoding. (The order of the language in the extension is not relevant, i.e., the files could have been html.en and html.cn; also, the leading dot in the extension in the ''.htaccess'' file is optional).
  
 ===== Password protect your directories ===== ===== Password protect your directories =====
Line 94: Line 120:
 ===== Force visitors to use SSL/HTTPS ===== ===== Force visitors to use SSL/HTTPS =====
  
-As SDF expands its support of [[https://letsencrypt.org/|Let's Encrypt]], offering free SSL certificates, you may wish to require all visitors of your site to use HTTPS. (This also may improve your search engine ranking, and many Web browsers will soon flag non-SSL sites as "Not Secure.") Adding this to the .htaccess file in your site's root directory will redirect your non-HTTPS visitors accordingly:+As SDF expands its support of [[https://letsencrypt.org/|Let's Encrypt]], offering free SSL certificates, you may wish to require all visitors of your site to use HTTPS. (This also may improve your search engine ranking, and many Web browsers will soon flag non-SSL sites as "Not Secure.") Adding this to the ''.htaccess'' file in your site's root directory will redirect your non-HTTPS visitors accordingly:
  
 <code> <code>
Line 102: Line 128:
 </code> </code>
  
-If this suddenly renders your whole site inaccessible, be sure the permissions on the .htaccess file itself are suitable (chmod 644, or run ''mkhomepg -p'') -- the default umask will not allow the Web server itself to read your .htaccess file.+If this suddenly renders your whole site inaccessible, be sure the permissions on the ''.htaccess'' file itself are suitable (chmod 644, or run ''mkhomepg -p'') -- the default umask will not allow the Web server itself to read your ''.htaccess'' file.
  
 $Id: htaccess.html,v 1.3 2018/07/30 15:30:01 dave Exp $ [[http://sdf.org/?tutorials/htaccess|.htaccess recipes]] - traditional link (using [[wp>Revision_Control_System|RCS]]) $Id: htaccess.html,v 1.3 2018/07/30 15:30:01 dave Exp $ [[http://sdf.org/?tutorials/htaccess|.htaccess recipes]] - traditional link (using [[wp>Revision_Control_System|RCS]])
  
htaccess_recipes.1644785944.txt.gz · Last modified: 2022/02/13 20:59 by jquah