.htaccess
From OCF Help
The .htaccess file is read by the Apache HTTP daemon in order to perform various functions. The following are just a few of the main uses.
Redirecting
Redirecting can be used when a page has been moved and you would like to direct visitors to the new location. This can also be done with HTML tags. Another use for redirecting via .htaccess is restricting access to sensitive files over HTTP. For example, if you had a configuration file for your web application which needs to be world-readable and contains sensitive information (like passwords, either in clear-text or encrypted), you can make it less vulnerable by using .htaccess to redirect requests for that file to some default page like index.html. This does not make it immune from being read by other users who have shell access on OCF, however.
Redirection can be done in two ways. One is via the Redirect directive, and the other is via the Rewrite Engine.
Redirect directive
This is the simplest way to do redirection, and it works just like the HTML META tags, except that since this is done on the server side, it does not require support from the Web browsers. To redirect, put the following line in your .htaccess file:
Redirect 303 /~username/path/to/file.html http://www.ocf.berkeley.edu/~username/newfile.html
The number right after "Redirect" is optional. It sets the status code returned to the user's web browser, which may know what to do with it. You can enter either the numerical code or the corresponding word. The following is the list of codes with the explanations from the Apache website:
- permanent(301): Returns a permanent redirect status (301) indicating that the resource has moved permanently.
- temp(302): Returns a temporary redirect status (302). This is the default.
- seeother(303): Returns a "See Other" status (303) indicating that the resource has been replaced.
- gone(410): Returns a "Gone" status (410) indicating that the resource has been permanently removed. When this status is used the url argument should be omitted.
Here is another example using the last status code:
Redirect gone /~username/path/to/gone/file.html
Yes, this isn't really a redirect—this simply informs users that the page has been removed.
The third (or second, if you omitted the status code) entry is the full path of the file relative to the Web root directory. It will always contain /~username/, where username is your OCF username (and part of the normal URL). The last entry should be a full URL to the location you want to redirect the user to.
Note that if the file path/to/file.html (in the first example) does not exist at all, the Web server will return notfound(403) error code and the user will not be redirected. In this case, you will need to create an empty file to make it work. The following command at a Unix prompt will create an empty file (replace u/username with the first character of your username followed by your OCF username, and path/to/file.html as appropriate).
touch /services/http/users/u/username/path/to/file.html
Rewrite Engine
Disable hotlinking
If you don't want other people embedding images hosted in your web space directly in their own pages, you can disable hotlinking by adding the following to your .htaccess file. For the following examples, it's helpful to know regular expressions.
RewriteEngine On
Disable hot linking of certain file types on your site:
RewriteCond %{REQUEST_FILENAME} .*png$|.*jpg$|.*mp3$ [NC]
Only apply the rule when the referrer is not blank (requests that send no Referer header are let through):
RewriteCond %{HTTP_REFERER} !^$
Whitelisting: Allow hotlinking from these domains (and Google cache and Google Images):
RewriteCond %{HTTP_REFERER} !^http://(www\.)?ocf.berkeley.edu/.*$ [NC]
RewriteCond %{HTTP_REFERER} !someplace.berkeley\.edu [NC]
RewriteCond %{HTTP_REFERER} !google\. [NC]
RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
Option 1: Create a failed request:
RewriteRule \.(png|jpg|mp3)$ - [F]
Option 2: Redirect to another image:
RewriteRule \.(png|jpg)$ http://someplace.ocf.berkeley.edu/nohotlinkinghere.png [R,L]
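The rule set above with Option 1, modelled in Python to show which requests it would answer with 403. This is an added example, not part of the original page; the sample requests and the stricter `STRICT_CONDS` whitelist are constructed assumptions.

```python
import re

# Patterns as they appear in the RewriteCond/RewriteRule lines above.
RULE = r"\.(png|jpg|mp3)$"            # RewriteRule pattern: no [NC], so case-sensitive
FILE_COND = r".*png$|.*jpg$|.*mp3$"   # REQUEST_FILENAME condition, [NC]
PAGE_CONDS = [                        # each is negated with "!" in the .htaccess
    r"^$",
    r"^http://(www\.)?ocf.berkeley.edu/.*$",
    r"someplace.berkeley\.edu",
    r"google\.",
    r"search\?q=cache",
]
# Assumed tightening (not from the page): anchor on scheme and host, accept
# https, escape dots, limit Google to google.com; the cache pattern is left out.
STRICT_CONDS = [
    r"^$",
    r"^https?://(www\.)?ocf\.berkeley\.edu/",
    r"^https?://someplace\.berkeley\.edu/",
    r"^https?://([a-z0-9-]+\.)*google\.com/",
]

def is_blocked(path, referer, conds=PAGE_CONDS):
    """True when the modelled rules would answer 403 Forbidden ([F]).

    Simplification: the same path string stands in for both the URL path
    (RewriteRule) and REQUEST_FILENAME.
    """
    if not re.search(RULE, path):
        return False
    if not re.search(FILE_COND, path, re.I):
        return False
    # RewriteCond lines are ANDed; "!pattern" holds only when pattern does not match.
    return not any(re.search(p, referer, re.I) for p in conds)

# Constructed sample requests: (path, Referer header value)
SAMPLES = [
    ("img/cat.png", ""),                                          # no referrer
    ("img/cat.png", "http://www.ocf.berkeley.edu/~username/"),   # own page, http
    ("img/cat.png", "https://www.ocf.berkeley.edu/~username/"),  # own page, https
    ("img/cat.png", "http://blog.example.net/post"),             # other site
    ("img/cat.png", "http://blog.example.net/google.html"),      # contains "google."
    ("img/CAT.PNG", "http://blog.example.net/post"),             # upper-case extension
]

def compare():
    """Return (path, referer, blocked by page rules, blocked by strict rules)."""
    return [(p, r, is_blocked(p, r), is_blocked(p, r, STRICT_CONDS)) for p, r in SAMPLES]

if __name__ == "__main__":
    for path, ref, page, strict in compare():
        print(path, repr(ref), "page:", page, "strict:", strict)
```

The Referer header is supplied by the client and may be absent or altered, so these rules limit casual embedding and bandwidth use rather than control access to the files.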
Password Protection
See How to restrict access to a page.
Custom Error Pages (401, 402, 403, 404...)
You can create custom pages to replace the default pages generated with HTTP status codes like the common Error 404 message. Here's how:
- Create a file called .htaccess, and inside that file, add the following line:
ErrorDocument 404 /yourcustom404.html
- You can also specify custom error pages for other status codes, like 401, 402, 403..., by changing the number accordingly:
ErrorDocument 401 /yourcustom401.html
ErrorDocument 402 /yourcustom402.html
ErrorDocument 403 /yourcustom403.html
ErrorDocument 404 /yourcustom404.html
- When you're done, place the .htaccess file within your public_html directory, along with your custom error webpages. Then test to see if they work (in the case of 404, try a URL in your website you know doesn't exist).
- For a fuller list of HTTP status codes, see:
- http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
- http://www.askapache.com/htaccess/apache-status-code-headers-errordocument.html
Prevent Directory Listings
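- To prevent people from browsing a particular directory in your website, add the following line to your .htaccess file in that directory. This only hides the entries from the automatically generated index; a file can still be fetched by anyone who knows its URL.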
IndexIgnore *
- If you want to hide specific filetypes, you can do something like this (in this case, .txt and .zip files would be hidden):
IndexIgnore *.txt *.zip
- You can also ignore a combination of directories, files, etc. The following example hides a folder called "icons" and two files "header.html" and "footer.html":
IndexIgnore *~/icons header.html footer.html
Set a different default directory page
To set your default directory page to anything other than the default (e.g. index.html), add this line to your .htaccess file:
DirectoryIndex otherindex.html
If you specify multiple file names, Apache tries them from left to right and serves the first one that exists in that directory.
DirectoryIndex otherindex.html otherindex2.htm otherindex3.php
