A r t i c l e s
Some tips for using .HTACCESS
How to allow people to browse your FTP through HTTP?
Now the user may point their browser to http://yoursite.com/directory/subdirectory/
and see all the files in the directory
How to disable people from seeing what is in your FTP directories from their web
Some of the ways you can use htaccess:
A sample of Directives available:
That is a list of only some of the available htaccess control you have.
Deny a Domain Access to a Directory.
Deny from .thedomain.com
The 'Order' directive makes sure that 'Deny' overrides 'Allow'. i.e. make double extra sure that deny is dominant and default.
Consider that 'Allow from all' is the default from the main server configuration, so this 'Order Deny, Allow' overrides that default in the directory of your htaccess file.
Deny a Set of Files to a Domain.
Order Deny, Allow
Deny from .thedomain.com
Only .png files would be denied from .thedomain.com and only people from them.
Allow Only One Domain and One Country Access
to a Set of Files.
Order Allow, Deny
Deny from all
Allow from .somedomain.com
Allow from .ca
Above allows only people from the 'somedomain.com' server building/headquarters and people from servers in canada to view the files that begin with the letters
'test'. That sub-directories that contain any files beginning
with 'test' and files in any directories that start with 'test'.
Force All Files in a Directory to a Specific Mime-Type.
All files in the directory are treated as PNG files.
That means that even if the file has a HTML, TXT, or HTM extension, it will be treated as a PNG image.
Password Protection on Directories
AuthName Protected Directory
'AuthName' causes the browser to display a dialog s uch as "Enter the username or login for Protected Directory at www.yourdomain.com:" 'AuthType Basic'
tells it to use the 'AuthUserFile' for authentication. 'Require valid-user' only allows valid-user. See also 'Allow' and 'Deny' if you just want to block certain areas of your website completely.
The .nameoffile contains usernames followed by a colon (:) and
then 13 characters that are the encrypted password for that user.
Here is a summary/guide for many of the HTACCESS commands and directives:
- Allow (all, domain list)
- i.e. 'Allow from .yourdomain.com' or
'Allow from .yourdomain.com .somedomain.com .anothersite.com' for a list of domains
A list of domains to allow access to a directory (and sub-directories)
- Deny (all, domain list)
- i.e. 'Deny from All' A list of domains to deny access to a directory (and
- AddType (mime/type extension list)
- i.e. 'AddType image/png PGF PNG PGG' sends the mime/type to the browser, for a
particular extension. Any files ending in .PGF, PNG or .PGG would be treated as a
PNG files. See DefaultType and ForceType too.
- AuthGroupFile (filename)
- i.e. 'AuthUserFile /raid5-4_5_3/people/NTR/staff/mark/.protectedgr'
The file used to organize users into groups for easier specification.
Rarely needed. Normally if you get this fancy you should contact
your web representative for alternatives that are more powerful and efficient.
- AuthName (text)
- i.e. 'Marks Secret Directory' The realm prompt
string sent to users when they are given the login dialogue box.
In Netscape you get a prompt like 'Enter username for Marks Secret Directory
Access at www.ntr.net:' for the example above.
- AuthType (basic)
- i.e. 'AuthType Basic' The type of authentication
that uses the above 'AuthUserFile' and 'AuthGroupFile' commands is 'Basic'.
We do not currently support other types of authentication in the master
server. Contact your web representative if you wish to use alternate
methods (for power/speed/compatibility with databases etc...)
- AuthUserFile (filename)
- i.e. 'AuthUserFile /raid5-4_5_3/people/NTR/staff/mark/.secret'
The file to use as a password list created with any text editor or the
htpasswd program. The FULL path to the file MUST be specified. The
format of the file is simple, a userid followed by a colon (:) and then
the crypt() generated password entry.
You may use the http://www.ntr.net/cgi-bin/crypt.cgi
program on the web to generate these or the htpasswd program can add them
directly to the file.
- DefaultType (mime/type)
- i.e. 'DefaultType text/html' for
files that do not have an extension or have an unknown extension the server
must make a guess as to what mime type to tell the browser it is sending.
We default the ntr.net servers to text/plain so that we can spot extension
typos easily. If you are prone to leaving the extensions off a certain
type of file or don't want bad extensions to show as text you may set this
to ANY mime/type you like. See ForceType and AddType
- ErrorDocument (3-digit-code filename or text or url)
- i.e. 'ErrorDocument 401 /~userid/error401.html' Set up custom error messages
and responses when a user visits an incorrect web page address, or recieves a web
page error. Custom errors give a web site a more confortable look and feel to the
- Used to apply directives to only a select group of files. You could also use
this along with with 'Require' and 'Auth*' to password protect access to *.png
files or *jpg files.
An example opening directive would be: '' that would be
followed by a directive like 'Deny from .microsoft.com' and then by
'' each on their own line. This would dis-allow sending any PNG files
for people coming from microsoft.
i.e. 'ForceType image/png' tells the web browser of a particular type of file
no matter what the extension actually is. This not used as much as DefaultType and
i.e. Indexes Includes FollowSymLinks
Order (Allow,Deny or Deny,Allow)
Specifies the order of which rule is considered first. The examples in 'Allow'
and 'Deny' offer more information.
If Deny is considered before Allow, then no one (even on the local network) may
enter the site. If 'Allow' is the first rule in the order, then .yourdomain.com
domain IPs would be admitted, and no one else.
Require (user user list, group group list valid-user)
i.e. 'Require User joe sherry terry50 johnson5' The user must login with
the specified user name(s), be in the specified groups. Or in the case of
Valid-User - must be authorized by the Auth* commands.
Satisfy (any, all)
i.e 'Satisfy All' If you have BOTH 'Allow' and 'Require' directives in a
single directory the server needs to know if it is supposed to check all or one.
It's similar to programming, when you use OR versus AND. Do you want both, or just
one of the requirements in order to continue? This is useful if you need to
password protect an area from general visotors, while still allowing people full
access who are from a specific address.
Website Errors and Custom Error Documents
You can use a simple html page error message, a simple text message, a cgi program, another domain name's page.
- ErrorDocument 401 /cgi-bin/error/401program.cgi
- ErrorDocument 402 http://www.anotherdomain.com/page.htm
- ErrorDocument 403 "This is a 404 error!
- ErrorDocument 404 /~me/errors/My404Error.htm
In the first example the double quote symbol means that you are sending a simple text message instead of an actual website page or website address. Use the double quote symbol at the beginning only (i.e. no need to enclose the text message in quotes, you only need the quote at the beginning!)
Note: This Wiki is outdated, personal views may have changed.
This wiki contains info on life, health, humans, nature, programming, database, fads, paradigms, poems, principles, theories.
Articles may contain statements which some may find helpful and encouraging, or even discouraging.
Beware, I believe in the Grand Justice system.