Tryangled Dev

To fully comprehend the .htaccess file and appreciate its usefulness, we first must discuss the main Apache configuration file, called httpd.conf. The httpd.conf file, known simply as the config file, is where the Apache web server’s configuration details are held, including modules, directives, port numbers and other values.. It resides on the administrator’s machine.

Every time an Apache-based web site is loaded, the httpd.conf file is consulted and interpreted. Whenever the file is modified, the administrator restarts (or bounces) the web server, which will compile the httpd.conf file again with the modifications intact.

However, when web servers are built to support outside clients, like a web hosting company’s web servers, administrators do not want clients to have access to the httpd.conf file. If they did, customers could inflict extreme damage on the server. However, at the same time, there are many utilities that customers should have the freedom to explore for their web site.

What is the solution? You guessed it, the .htaccess file. This file is merely an extension to the httpd.conf file; only this time, customers have access to it. Restrictions are placed on the .htaccess file to prevent customers from intentionally or inadvertently damaging default server configurations. Each time an Apache-based web page is loaded, the nearest .htaccess file is consulted and interpreted. The web server does not need to be restarted (or bounced) after each change of the .htaccess file. The file simply needs to be re-uploaded.

Since we now know a little about what the .htaccess file is and what it does, we can examine the magic of the file and look at some typical implementations.

*  Server-side includes are macros within HTML expanded on the fly
o Dynamically
o Conditionally
* Usage:

AddType text/html .shtml
AddHandler server-parsed .shtml

* See Apache’s Handler Use and mod_include documentation for more information.
* ITS has documentation on Server Side Includes at Monash

*  Some sites establish site wide 404 error pages. For example:
There is a Characterology Default 404 error page.
* 404 handlers can be created by every web hosting user. They can even be put in every indivdual directory. For example:
Psychology Department’s Error Page
* Usage:

ErrorDocument 404 errors/404.html

Note: It’s probably better to start with a leading / so that this directive has a complete path specification to make sure that the 404 handler page can always be found.
* You can also have error documents created by CGI:

ErrorDocument 404 /psych/cgi-bin/error/error?404

* An example of the power of customized error documents is for telling people why their authentication failed

*  The dot in .htaccess makes it a ‘hidden’ Unix file. It is not listed in a normal directory listing. If default directory indexes are enabled on the web server, this file will be hidden in those lists also.
* It is a plain ASCII text file. It should be editted with an ASCII text editor like notepad.
* Comments are marked with a hash (#) at the start of the line.

# this is a commented-out line

* It needs to be readable by the server (’world’ readable), which can be a security problem.

*  Specify custom error documents
* Add special document handlers and MIME types
* Set environment variables
* Redirect URLs from one to another
* Rewrite one URL into another
* Restrict documents to specific people

Simply put, they are invisible plain text files where one can store server directives. Server directives are anything you might put in an Apache config file (httpd.conf) or even a php.ini**, but unlike those “master” directive files, these .htaccess directives apply only to the folder in which the .htaccess file resides, and all the folders inside.

This ability to plant .htaccess files in any directory of our site allows us to set up a finely-grained tree of server directives, each subfolder inheriting properties from its parent, whilst at the same time adding to, or over-riding certain directives with its own .htaccess file. For instance, you could use .htacces to enable indexes all over your site, and then deny indexing in only certain subdirectories, or deny index listings site-wide, and allow indexing in certain subdirectories. One line in the .htaccess file in your root and your whole site is altered. From here on, I’ll probably refer to the main .htaccess in the root of your website as “the master .htaccess file”, or “main” .htaccess file.

There’s a small performance penalty for all this .htaccess file checking, but not noticeable, and you’ll find most of the time it’s just on and there’s nothing you can do about it anyway, so let’s make the most of it..

You can customize error messages (404 Not Found, for example) by creating a file called .htaccess and including the appropriate entries. This file should be uploaded to your root directory (i.e., the “www” folder for your account).

Some of the most common messages are as follows:
Error in Client
400 Bad syntax
401 Unauthorized
402 Not Used (Payment Granted)
403 Forbidden
404 Not Found

Error in Server
500 Internal Error
501 Not Implemented
502 Overloaded
503 Gateway Timeout

You can customize error messages for your site as follows:
Create the HTML page you want to use as your error message and upload it to your web directory (/home/username/www). Next, edit your .htaccess file (or create one using a text editor) and add lines which specify the substitution.

Here are three examples of specifying error documents which will be called for a given error condition (note that you can use relative “thisfile.html” or absolute addressing “http://www .yourdomain.com/thisfile.html”):

ErrorDocument 401 http://yourdomain.com/nopasswordd.html
ErrorDocument 403 /forbidden.html
ErrorDocument 404 http://www.yourdomain.com/nofile.html

note: that Windows will not allow you to create a file called .htaccess. It will be necessary to create this file using another name and then rename it once you have uploaded it to your site.

Some FTP programs dont show dot files, files or directories that starts with a “.”, by default.
Below is instructions on how to show dot files in popular FTP programs.

FileZilla

1. View -> Show hidden files.

Cute FTP

1. Open the Site Manager (press F4) and click on the name of the relevant site.
2. Click the Actions tab, then click Filter.
3. Select the Enable Filtering check box.
4. In Server side filtering, select the Enable Server Side Filtering check box.
5. In the Remote Filter box, type -a.
6. Click OK, then click Connect.

WS_FTP Pro (7.62)

1. Sites
2. Organize sites
3. Site options
4. Startup tab
5. In Remote Filter Mask box enter -a

Windows will not let you rename a file to “.htaccess”. You will get an error “You must type a filename” if you try. Instead you can open the file you want to rename in a text editor, ie Notepad. Choose “Save as..” and select “All types (*.*)” next to file type. Now type the filename “.htaccess” and click save.

In case your web hosting account is not configured to server certain mime types with the proper content type. You can change this using .htaccess file.

For example if you need to configure your server to display ASX files:

AddType video/x-ms-asf asf asx

For windows media audio WMA

AddType audio/x-ms-wma .wma

There is one more useful feature of the AddType directive. Most of you most probably know that Internet Explorer opens MS Word, Excell, PDF and some other files inside a browser window. To force the browser to download the file you can use AddType to change the document type:

AddType application/octet-stream .doc .xls .pdf