htaccess examples

apache

Temporarily take site down for maintenance

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^111\.111\.222\.111
RewriteCond %{REQUEST_URI} !/index.html$
RewriteRule $ /index.html [R=302,L]

or

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/oldsite/
RewriteCond %{REMOTE_HOST} !^123\.111\.123\.111
RewriteRule (.*) http://www.thedomain.com/oldsite/$1 [R=301,L]

Redirecting to a New Domain

Options +FollowSymLinks
RewriteEngine on
RewriteRule (.*) http://www.newdomain.com/$1 [R=301,L]

Force https use

RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https://www.thedomain.com/ [R]

or


RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Use a Custom Error Document

ErrorDocument 404 /mynotfound.html

Allowing access only from internal network

order deny,allow
allow from 123.123.
deny from all

Blocking Unwanted User-Agents

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^(.*)80legs [NC,OR]
RewriteRule ^(.*)$ http://80legs.com/ [L,R=301]

Password protecting a directory with htaccess and htpasswd

Enter the following into the .htaccess file:

AuthUserFile /path/to/.htpasswd
AuthName "Restricted Area"
AuthType Basic
Require valid-user

And then create the .htpasswd file with the following:

htpasswd -c .htpasswd theusername

There are also online tools for creating the paswords e.g.:
http://www.htaccesstools.com/htpasswd-generator/

Redirect old address to new domain

Example http://www.domain.co.uk/mysite to http://www.mysite.com

Options +FollowSymLinks
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} ^www.domain.co.uk [NC]
RewriteRule ^(.*)$ http://www.mysite.com/$1 [L,R=301]

Allowing Directory Browsing in single directories with .htaccess

Having a directory full of downloadable files can be useful and although it is generally accepted that allowing directory browsing from within the Apache configuration file might be a bit of a security issue, directory browsing for single directories can be useful and can be achieved using the following in a .htaccess file:

Options +Indexes
DirectoryIndex nonexistantfile.html nonexistantfile.htm

The reason why I have specified the DirectoryIndex as nonexistantfile.html is to ensure that if someone (or script) accidentally copies an index.html file into the directory that it won’t be used and instead the contents of the directory will be listed/browsable. Some Content Management Systems will copy new index.html files into directories even if you don’t want them 😉.htaccess URL Rewriting
The following tool is useful for generating Rewrite Rules for SEO friendly URL’s in an Apache .htaccess file.
http://www.linkvendor.com/seo-tools/url-rewrite.html

.htaccess Referers

I recently needed an intranet website to be protected so that only authorised users could get access to it. Since there is already a part of the website which requires a login and authentication to a directory I had a link placed on this page. The .htaccess file needed to accept referers only from the domain of the authenticated site. Since this new site was a single html page with hundreds of links to PDF files I also needed to add a referer for the HTML page that contained the links. Clear as mud? Yes. OK an example. The following code will not allow connections directly to www.theseconddomain.com .
www.theseconddomain.com can only be accessed by clicking a link on www.thefirstdomain.co.uk that points to www.theseconddomain.com

SetEnvIfNoCase Referer www\.thefirstdomain\.co\.uk good_referer=1
SetEnvIfNoCase Referer www\.theseconddomain\.com/index.html good_referer=1
order allow,deny
allow from env=good_referer
ErrorDocument 403 http://www.thefirstdomain.co.uk/error.htm

Apache Authentication with Active Directory (LDAP)

Good article about this here.

A .htaccess file can be used to protect a directory on an Apache2 server. The code to use is:

AuthType Basic
AuthBasicProvider ldap
AuthUserFile /dev/null
AuthName "Test LDAP"
AuthLDAPURL "ldap://xxxx.ads.tla.co.uk:389/OU=Staff,OU=ORG,dc=ads,dc=tla,dc=co,dc=uk?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN CN=FullDNtoADuser,DC=tld,DC=co,DC=uk
AuthLDAPBindPassword myADpassword
AuthLDAPGroupAttributeIsDN on
require valid-user

The values need to be changed to reflect the Active Directory structure. The most important line appears to be AuthLDAURL which is the LDAP search.

To use Exchange it may be possible to use:

AuthLDAPURL "ldap://ldap.yourdomain.com:389/cn=Recipients,ou=ServerName,o=DomainName?uid?sub?(objectClass=*)"

Leave a Reply

  • (will not be published)

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>