htaccess file

What is a htaccess file?

“.htaccess” is a simple text file containing commands for the configuration of the Apache webserver. It allows you to personalise the server dynamically and per folder.

The configuration values are inherited through directories. Common applications for setting up a .htaccess file are switching between PHP4 and PHP5, protection of a part of the site, redirecting a website to another or customizing error messages. Once on the server, its name must be .htaccess with a point ahead.

The file has to be created with care as it will cause an Error 500 if there is any error in the file, this will block the access to your websites. Therefore, double check the syntax of the file before you are transferring it by FTP in text mode and not in binary mode.

You can create the htaccess file on Windows using notepad (do not use wordpad).
When you transfer your .htaccess file, make sure that the FTP transfer mode is set to "ASCII/TEXT" and not to "BINARY". If the file is transferred in binary mode you will get a http error 500.

Your .htaccess must end with an empty line, if it is not the case you will get an error 500.

Personalized error messages

This function allows you to replace (for example) the message of a 404 error (Not found) for a more friendly text or with a redirection to another URL (local or external).

You have to use the command ErrorDocument to do this. Following some examples of the usage:

ErrorDocument 404 /myfile404.html
ErrorDocument 404 http://www.mydomain.ext
ErrorDocument 403 /accessrefused.html

This command should be in a .htaccess file in the directory of which you wish to redirect the error messages.

(typically the root of your website but not necessarily)

Disable the listing of a directory

Following you can learn how to disable the listing of the files in a directory.

  • Step 1: Create a htaccess file

Open your favourite text editor (Bloc Notes, Vim, Emacs, whatever) and create a text file containing the following line:

Options -Indexes
ATTENTION : IndexOptions -Indexes is obsolete and does not work anymore on the web hosting platform, you have to configure it using the directive Options -Indexes
  • Step 2: Upload the file

Upload the previously created file using FTP, place it in the directory of your choice and rename it to “.htaccess” (without the quotation marks).

The only thing you have to do now, is to test it.

Prevent access to a directory

Here's how to restrict access to an IP address's list.

  • Step 1: Create a htaccess file

Open your favourite text editor (Bloc Notes, Vim, Emacs, whatever) and create a text file containing the following line:

# We authorize to access from the IP 213.228.62.50
Allow from 213.228.62.50
# We authorize to access from the IP 213.228.62.51
Allow from 213.228.62.51
# We deny the access from all other IPs
Deny from All
  • Step 2: Upload the file

Upload the previously created file using FTP, place it in the directory of your choice and rename it to “.htaccess” (without the quotation marks).

The only thing you have to do now, is to test it.

Secure a directory with an authentication

Following you will find out how to securize a directory (or your whole site), with a HTTP authentication.

In our example, the directory we want to securize is:

http://www.online.net/secret/
  • Step 1: Creation of an user table

At first you have to create a list of the users and their passwords, we call this file “passlist.txt”.

martin:$apr1$tQqqRlvz$70soamNFTNl54OnSV.RWr.
jean:$apr1$yMWZ093W$DKAVAi5.XRx1ofwF5T..E0
sophie:$apr1$92x5vRxN$vivxTZtZfcqRmRBvL1ASF/

The first part is the user name, the second part after the : is the encrypted password of the user.

If required, you may use this site to encrypt your passwords: http://www.htaccesstools.com/htpasswd-generator/

  • Step 2: Creation of the htaccess file

To limit the access to the users specified in the file “passlist.txt”, you need to create a htaccess file in the directory you want to protect. The content of the file should be as following:

AuthUserFile /PATH/passlist.txt
AuthName "Acces Restricted"
AuthType Basic
require valid-user

The “PATH” will have to be replaced by:

  • For the WEB hosting: /flex/domain/DOMAIN.TLD/site/www/
  • For the CLOUD hosting: /var/www/DOMAIN.TLD/www
You need to replace “DOMAIN.TLD” with your domain name.

The command AuthUserFile specifies the path to the users table. The path is relative to “/” of your hosting, therefore your path will generally start with at least “www/” or “blog/”.

If you have saved your users table in the directory /www/secret/password/ with the name 'mylist.txt', you need to change accordingly the directive AuthUserFile:

AuthUserFile  /flex/domain/DOMAIN.TLD/site/www/secret/password/mylist.txt

The command “require valid-user” authorizes all valid users to access the files in the folder. We can also use the following syntax:

require user martin sophie

This will authorize the users Martin and Sophie, but not Jean.

  • Step 3: Upload the files

Upload the previously created file using FTP, place it in the directory of your choice and rename it to “.htaccess” (without the quotation marks).

The only thing you have to do now, is to test it.

For those who want to learn more about this, we recommend the user guide of Apache which treats in detail all aspects of authentification.

Remarks

  • It is not possible to create a “.htaccess” file directly on the Microsoft Windows platform. Therefore you need to create the file with another name, “htaccess.txt” for example on your computer and rename it after you have uploaded it to your server.
  • You must transfer the file in the ASCII mode (refer to the documentation of your FTP client) to make sure that the 'line break' characters are preserved.
  • It is highly recommended to protect its list of passwords, for example you can store it in a subdirectory of your web site that you protect by creating a .htaccess file.

HTTP redirections

You have the possibility to configure redirections to another part of your website or to another site.

Following you can find the required steps to redirect your site to another site (to http://www.online.net for example)

  • Step 1: Create a .htaccess file with the following content
# Redirection to the site Online.net
RedirectPermanent / http://www.online.net/
  • Step 2: Upload the file

Upload the file using FTP in the folder of the concerned sub domain (Folder www for www.domain.ext, blog/ for blog.domain.ext etc.) and rename it to “.htaccess”.

The complete documentation on the Apache website.

HTML redirection

You have the possibility to configure redirections to another part of your website, or to another site directly using a HTML file.

This method is simpler but much less clean and efficient, it uses the HTML document itself to indicate the redirection.

This method should only be used when HTTP redirects are impossible.

Example of the redirection of http://old.address.fr/dossier1/page1.html to http://new.address.fr/dossier2/page2.html

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="0; url=http://new.address.fr/dossier2/page2.html" />
<title>Redirection</title>
<meta name="robots" content="noindex,follow" />
</head>
<body>
<p><a href="http://new.address.fr/dossier2/page2.html">Redirection</a></p>
</body>
</html>

PHP redirects

You have the possibility to configure redirections to another part of your website, or to another site directly using a PHP file.

Create a PHP file containing the following content to redirect http://domain.ext/index.php directly to http://newsite.com/.

<?php
header("Location: http://newsite.com/");
?>
By default the redirection returns the code HTTP 301. Do not forget to modify it, if required.

Rewrite Rules

The Apache module mod_rewrite is activated on the web hosting servers of Online.net and it works by default with htaccess files.

The directive FollowSymlinks is activated and must not be modified. Doing so will result in a HTTP 500 error.

Let us do an example, the domain name is domain.ext, the url we are going to call is http://www.domain.ext/index.php with the name of the page as argument

  • Step 1: Create a htaccess file


RewriteEngine On \\
  RewriteRule ^([^\.]+)\.html /index.php?page=$1 [L]


  • Step 2: Upload the file

Upload the file using FTP in the folder of the concerned sub domain (Folder www for www.domain.ext, blog/ for blog.domain.ext etc.) and rename it to “.htaccess”.

  • Step 3: Test


Now you can open the file http://www.domaine.ext/test.html in your web browser, index.php will be executed with the argument “test”.