
Note: This site is a bit older; personal views may have changed.


htaccess guide


Some tips for using .HTACCESS
How to allow people to browse your FTP through HTTP?

 Options +Indexes

Now the user may point their browser to http://yoursite.com/directory/subdirectory/ and see all the files in the directory.

How to disable people from seeing what is in your FTP directories from their web browser?

 Options -Indexes

Some of the ways you can use htaccess. A sample of the directives available:
  • AddType
  • Allow
  • AuthUserFile
  • AuthGroupFile
  • AuthType
  • AuthName
  • DefaultType
  • Deny
  • ErrorDocument
  • ForceType
  • Options
  • Order
  • Require
  • Satisfy
That is a list of only some of the htaccess controls available to you.

Deny a Domain Access to a Directory.

  Order Deny,Allow
  Deny from .thedomain.com
The 'Order' directive makes sure that 'Deny' overrides 'Allow'. i.e. make double extra sure that deny is dominant and default.
Consider that 'Allow from all' is the default from the main server configuration, so this 'Order Deny,Allow' overrides that default in the directory of your htaccess file.
Deny a Set of Files to a Domain.
  <Files *.png>
    # No whitespace is allowed after the comma in 'Order'
    Order Deny,Allow
    Deny from .thedomain.com
  </Files>
Only .png files would be denied, and only to people from .thedomain.com.
Allow Only One Domain and One Country Access to a Set of Files.
  <Files test*>
    # Deny is evaluated first; a matching Allow then overrides it
    Order Deny,Allow
    Deny from all
    Allow from .somedomain.com
    Allow from .ca
  </Files>
The above allows only people from the 'somedomain.com' server building/headquarters and people from servers in Canada to view the files that begin with the letters 'test'. That includes sub-directories that contain any files beginning with 'test' and files in any directories that start with 'test'.
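An added example (not code from the original page): a simplified Python model of how Apache's access-control documentation describes 'Order' evaluation, run over the 'Deny from all' / 'Allow from .somedomain.com' / 'Allow from .ca' rule set shown above under both keyword orders. The hostnames and function names are constructed for illustration, and 'Mutual-failure' and IP-address rules are not modelled.

```python
# Added example: simplified model of Apache's Order/Allow/Deny evaluation
# (mod_access_compat). Hostnames below are constructed sample values.

def host_matches(spec, host):
    """True if `host` matches an 'Allow from' / 'Deny from' hostname spec."""
    spec, host = spec.lower(), host.lower()
    if spec == "all":
        return True
    if not host.endswith(spec):
        return False
    # Only whole name components match: 'good.com' must not match 'nogood.com'.
    return (len(host) == len(spec) or spec.startswith(".")
            or host[-len(spec) - 1] == ".")

def access_allowed(order, allow, deny, host):
    """Decide one request. `host` is the client name the server resolved."""
    allowed = any(host_matches(s, host) for s in allow)
    denied = any(host_matches(s, host) for s in deny)
    if order.lower() == "deny,allow":
        # Deny is checked first, a matching Allow overrides it,
        # and a host matching neither list is let in.
        return allowed or not denied
    if order.lower() == "allow,deny":
        # Allow is checked first, a matching Deny overrides it,
        # and a host matching neither list is refused.
        return allowed and not denied
    # 'Deny, Allow' (with a space) is not a keyword this model accepts.
    raise ValueError("unsupported Order value: %r" % order)

def compare_orders(allow, deny, hosts):
    """Map each host to (result under Allow,Deny, result under Deny,Allow)."""
    return {h: (access_allowed("Allow,Deny", allow, deny, h),
                access_allowed("Deny,Allow", allow, deny, h)) for h in hosts}

# Rule set from the page: Deny from all, Allow from .somedomain.com and .ca
ALLOW, DENY = [".somedomain.com", ".ca"], ["all"]
HOSTS = ["pc1.somedomain.com", "host.example.ca", "dialup.example.net"]

if __name__ == "__main__":
    for host, (allow_deny, deny_allow) in compare_orders(ALLOW, DENY, HOSTS).items():
        print(f"{host:22} Allow,Deny={allow_deny!s:5} Deny,Allow={deny_allow}")
```

With 'Deny from all' present, only 'Order Deny,Allow' lets the two allowed domains through; under 'Order Allow,Deny' every host is refused.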
Force All Files in a Directory to a Specific Mime-Type.
  ForceType image/png
All files in the directory are treated as PNG files. That means that even if the file has an HTML, TXT, or HTM extension, it will be treated as a PNG image.
Password Protection on Directories
  # The realm text contains a space, so it must be quoted
  AuthName "Protected Directory"
  AuthType Basic
  Require valid-user
  # Full path to the password file
  AuthUserFile /home/yourusername/mypasswords/.nameoffile
.nameoffile contains:
  user1:gfdgshjjsdh
  user2:dgdhstthsd
  ...
'AuthName' causes the browser to display a dialog such as "Enter the username or login for Protected Directory at www.yourdomain.com:". 'AuthType Basic' tells it to use the 'AuthUserFile' for authentication. 'Require valid-user' only allows a valid user. See also 'Allow' and 'Deny' if you just want to block certain areas of your website completely.

The .nameoffile contains usernames followed by a colon (:) and then 13 characters that are the encrypted password for that user.
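An added example (not part of the original page): a Python script that audits a password file of the `user:hash` form described above and reports entries stored in formats the Apache htpasswd documentation calls insecure, including the 13-character crypt() format. The sample entries are constructed placeholders, not real credentials, and the function names are illustrative.

```python
import re

# (pattern, scheme name, weakness or None). htpasswd documents crypt(), SHA-1
# and plain text as insecure; bcrypt and apr1 MD5 are not flagged here.
SCHEMES = [
    (re.compile(r"\$2[aby]\$\d\d\$[./A-Za-z0-9]{53}"), "bcrypt", None),
    (re.compile(r"\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}"), "apr1-md5", None),
    (re.compile(r"\{SHA\}[A-Za-z0-9+/]{27}="), "sha1", "unsalted SHA-1"),
    (re.compile(r"[./A-Za-z0-9]{13}"), "des-crypt",
     "crypt() uses only the first 8 password characters"),
]

def classify(field):
    """Return (scheme, weakness) for the hash field of one entry."""
    for pattern, name, weakness in SCHEMES:
        if pattern.fullmatch(field):
            return name, weakness
    return "unknown-or-plaintext", "not a recognised hash format"

def audit(text):
    """Return (line number, user, scheme, weakness) for every entry worth a look."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are skipped
        user, sep, rest = line.partition(":")
        if not sep or not user:
            findings.append((lineno, None, "malformed", "expected user:hash"))
            continue
        # Anything after a second colon is not part of the hash.
        scheme, weakness = classify(rest.split(":", 1)[0])
        if weakness:
            findings.append((lineno, user, scheme, weakness))
    return findings

# Constructed sample file content (placeholder hashes of the right shape).
SAMPLE = "\n".join([
    "alice:ab3z9QkXv0LmE",
    "bob:{SHA}" + "A" * 27 + "=",
    "carol:$2y$05$" + "x" * 53,
    "dave:$apr1$saltsalt$" + "y" * 22,
    "line with no colon",
])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```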


Here is a summary/guide for many of the HTACCESS commands and directives:
Allow (all, domain list)
i.e. 'Allow from .yourdomain.com', or 'Allow from .yourdomain.com .somedomain.com .anothersite.com' for a list of domains. A list of domains to allow access to a directory (and sub-directories).

Deny (all, domain list)
i.e. 'Deny from All'. A list of domains to deny access to a directory (and sub-directories).

AddType (mime/type extension list)
i.e. 'AddType image/png PGF PNG PGG' sends the mime/type to the browser for a particular extension. Any files ending in .PGF, .PNG or .PGG would be treated as PNG files. See DefaultType and ForceType too.

AuthGroupFile (filename)
i.e. 'AuthGroupFile /raid5-4_5_3/people/NTR/staff/mark/.protectedgr'. The file used to organize users into groups for easier specification. Rarely needed. Normally if you get this fancy you should contact your web representative for alternatives that are more powerful and efficient.

AuthName (text)
i.e. 'Marks Secret Directory' The realm prompt string sent to users when they are given the login dialogue box. In Netscape you get a prompt like 'Enter username for Marks Secret Directory Access at www.ntr.net:' for the example above.

AuthType (basic)
i.e. 'AuthType Basic' The type of authentication that uses the above 'AuthUserFile' and 'AuthGroupFile' commands is 'Basic'. We do not currently support other types of authentication in the master server. Contact your web representative if you wish to use alternate methods (for power/speed/compatibility with databases etc...)

AuthUserFile (filename)
i.e. 'AuthUserFile /raid5-4_5_3/people/NTR/staff/mark/.secret' The file to use as a password list created with any text editor or the htpasswd program. The FULL path to the file MUST be specified. The format of the file is simple, a userid followed by a colon (:) and then the crypt() generated password entry. You may use the http://www.ntr.net/cgi-bin/crypt.cgi program on the web to generate these or the htpasswd program can add them directly to the file.

DefaultType (mime/type)
i.e. 'DefaultType text/html' for files that do not have an extension or have an unknown extension the server must make a guess as to what mime type to tell the browser it is sending. We default the ntr.net servers to text/plain so that we can spot extension typos easily. If you are prone to leaving the extensions off a certain type of file or don't want bad extensions to show as text you may set this to ANY mime/type you like. See ForceType and AddType

ErrorDocument (3-digit-code filename or text or url)
i.e. 'ErrorDocument 401 /~userid/error401.html'. Set up custom error messages and responses when a user visits an incorrect web page address, or receives a web page error. Custom errors give a web site a more comfortable look and feel to the visitor.

<Files>
Used to apply directives to only a select group of files. You could also use this along with 'Require' and 'Auth*' to password protect access to *.png files or *.jpg files.

An example opening directive would be: '<Files *.png>' that would be followed by a directive like 'Deny from .microsoft.com' and then by '</Files>', each on their own line. This would disallow sending any PNG files to people coming from microsoft.

ForceType (mime/type)
i.e. 'ForceType image/png' tells the web browser that a file is of a particular type no matter what the extension actually is. This is not used as much as DefaultType and AddType.

Options
i.e. Indexes Includes FollowSymLinks

Order (Allow,Deny or Deny,Allow)
Specifies the order of which rule is considered first. The examples in 'Allow' and 'Deny' offer more information. If Deny is considered before Allow, then no one (even on the local network) may enter the site. If 'Allow' is the first rule in the order, then .yourdomain.com domain IPs would be admitted, and no one else.

Require (user user list, group group list valid-user)
i.e. 'Require User joe sherry terry50 johnson5'. The user must log in with the specified user name(s) or be in the specified groups or, in the case of Valid-User, must be authorized by the Auth* commands.

Satisfy (any, all)
i.e. 'Satisfy All'. If you have BOTH 'Allow' and 'Require' directives in a single directory, the server needs to know if it is supposed to check all or one. It's similar to programming, when you use OR versus AND. Do you want both, or just one of the requirements in order to continue? This is useful if you need to password protect an area from general visitors, while still allowing full access to people who are from a specific address.

Website Errors and Custom Error Documents

  • ErrorDocument 401 /cgi-bin/error/401program.cgi

  • ErrorDocument 402 http://www.anotherdomain.com/page.htm

  • ErrorDocument 403 "This is a 404 error!

  • ErrorDocument 404 /~me/errors/My404Error.htm
You can use a simple HTML page error message, a simple text message, a CGI program, or another domain name's page.

In the first example the double quote symbol means that you are sending a simple text message instead of an actual website page or website address. Use the double quote symbol at the beginning only (i.e. no need to enclose the text message in quotes, you only need the quote at the beginning!)
