From: Apache Wiki <[EMAIL PROTECTED]>
Date: January 3, 2007 2:26:49 PM GMT+01:00
To: [EMAIL PROTECTED]
Subject: [General Wiki] Trivial Update of "htaccess" by JohnCrown
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "General
Wiki" for change notification.
The following page has been changed by JohnCrown:
http://wiki.apache.org/general/htaccess
New page:
= How do I use .htaccess files? =
.htaccess files are used universally across the Internet, and many
manuals are available online. You can visit your favorite search
engine and search for 'htaccess', and you'll probably find a nice
tutorial just like
[http://httpd.apache.org/docs/2.0/howto/htaccess.html this one]!
Once you have grasped the basic concepts, it will definitely help
to refer to the many examples available here on the wiki. There is
also a great
[http://www.askapache.com/2006/htaccess/htaccesselite-ultimate-htaccess-article.html htaccess Code Snippet Article]
full of the most commonly requested htaccess code examples.
== How can I create a plain text file for .htaccess? ==
You can do it by sshing in to yourdomain.com and using pico, a user-
friendly text editor. All the commands for its use appear at the
bottom of the page (^ means ''press the Control key.'') Just change
to the directory in which you want to use .htaccess, and type
"pico .htaccess" to get started with a blank .htaccess file.
== How do I block certain IPs from accessing my site or directory? ==
It's pretty easy! All you have to do is create a .htaccess file in
the directory you'd like to restrict (your main directory to
restrict the entire site) and then put the following in it:
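{{{
# Not wrapped in <Limit GET>: that would apply the ban to GET/HEAD only
# and let other methods such as POST through.
order allow,deny
allow from all
# A whole address, then a partial one (every address starting 124.24.)
deny from 123.142.124.152
deny from 124.24.
}}}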
You can put whole IP addresses or just the beginning part you'd
like to match, and you can add more and more addresses, each on its
own line! When somebody's IP is banned, they will get a 403 error
(access forbidden) when trying to visit your site.
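The matching rule just described, as an added example (not part of the original wiki page): a small Python check of which client addresses the block above turns away, assuming a partial address is matched on whole octets. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# The two "deny from" values used in the block above.
DENY_FROM = ["123.142.124.152", "124.24."]


def partial_to_network(spec):
    """Turn a whole or partial dotted IPv4 spec into the network it covers.

    A partial address is matched on whole octets: "124.24." and "124.24"
    both mean 124.24.0.0/16, never 124.240.x.x or 124.245.x.x.
    """
    octets = [o for o in spec.strip().split(".") if o != ""]
    valid = all(o.isdigit() and int(o) <= 255 for o in octets)
    if not 1 <= len(octets) <= 4 or not valid:
        raise ValueError("not a whole or partial IPv4 address: %r" % spec)
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(padded), 8 * len(octets)))


def is_forbidden(client_ip, deny_specs=DENY_FROM):
    """True when the client gets 403 under 'order allow,deny',
    'allow from all' and the given 'deny from' lines."""
    addr = ipaddress.ip_address(client_ip)
    # With allow,deny a request must match an Allow and no Deny;
    # 'allow from all' always matches, so only the deny list decides.
    return any(addr in partial_to_network(s) for s in deny_specs)


def audit(clients, deny_specs=DENY_FROM):
    """Map each client address to 'forbidden' or 'allowed'."""
    return {c: ("forbidden" if is_forbidden(c, deny_specs) else "allowed")
            for c in clients}


if __name__ == "__main__":
    # Constructed sample addresses: two near-misses next to two real hits.
    samples = ["123.142.124.152", "123.142.124.15", "124.24.7.9", "124.240.7.9"]
    for ip, verdict in audit(samples).items():
        print(ip, verdict)
```

Running it over a sample of your own access-log addresses before uploading a longer ban list shows whether a short prefix covers more visitors than intended.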
== How do I block people coming from a certain website or URL from visiting my site or directory? ==
It's actually very similar to
[[KB / Unix / .htaccess files|blocking people by IP]]! Again, you
need to add some lines to an .htaccess text file that you create in
the home directory of your web site.
Here is some example code for giving everybody who comes to you
from www.yahoo.com or www.google.com an access denied error:
{{{
# Tag requests whose Referer starts with either site, then deny tagged requests
SetEnvIfNoCase Referer "^http://www\.google\.com/" BadReferrer
SetEnvIfNoCase Referer "^http://www\.yahoo\.com/" BadReferrer
order deny,allow
deny from env=BadReferrer
}}}
Another way to block people, where you end up just redirecting them
to a different URL, involves using the
"[http://httpd.apache.org/docs/mod/mod_rewrite.html mod_rewrite]"
functionality of our web server. Here's how to block everybody from
www.yahoo.com and www.google.com again (put this in your .htaccess
file):
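{{{
RewriteEngine On
# [OR] joins the two referrer tests, so one rule covers both sites
RewriteCond %{HTTP_REFERER} ^http://www\.yahoo\.com/ [OR]
RewriteCond %{HTTP_REFERER} ^http://www\.google\.com/
# Leave the landing page alone; the browser repeats the same Referer
# after the redirect, which would otherwise redirect it again
RewriteCond %{REQUEST_URI} !/restricted_url\.html$
RewriteRule .* http://www.yoursite.com/restricted_url.html [R,L]
}}}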
== Force a server to only use SSL and fix double logins ==
If you really want to be sure that your server is only serving
documents over an encrypted SSL channel ''(you wouldn't want
visitors to answer an htaccess password prompt over an unencrypted
connection)'' then you need to use the '''SSLRequireSSL'''
directive with the +StrictRequire option turned on.
{{{
SSLOptions +StrictRequire
SSLRequireSSL
# or "www.site.com"; Apache does not allow a comment on a directive line
SSLRequire %{HTTP_HOST} eq "site.com"
ErrorDocument 403 https://site.com
}}}
The cool thing about using mod_ssl instead of mod_rewrite to force
SSL is that Apache gives mod_ssl priority ABOVE mod_rewrite, so it
will always require SSL. ''(It may be possible to get around the
first method using http://site.com:443 or https://site.com:80.)''
 * An in-depth article about what this is doing can be found in the
 [http://www.htaccesselite.com/htaccess/redirecting-all-or-part-of-a-server-to-ssl-vt61.html SSL Forum]
== How do I stop others from "hotlinking" my files? ==
"Hotlinking" is when somebody displays an image (or any other type
of file, actually) that is hosted on somebody else's web site
directly inline on their own site. There's nothing particularly
'''wrong''' with that; it's a big part of how the WWW was designed
to work. However, it does "steal" the bandwidth of the original
site, and could possibly infringe on a copyright.
==== Blocking specific domains ====
The following code will return a '''403 Forbidden''' error instead
of the requested image, but only when the image has been requested
by ''badsite.net'' or ''badsite.com'':
{{{
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.net/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.com/ [NC]
RewriteRule \.(jpe?g|gif|png)$ - [F]
}}}
Note that in the above example, only images are being protected. To
protect other resources, such as video and audio files, add their
extensions to the parenthesized group in the {{{RewriteRule}}}
pattern.
==== Blocking most domains ====
The following code will return a '''403 Forbidden''' error instead
of the requested resource, unless requested from example.com or
livejournal.com (note that one of the allowed sites should be the
domain where the resource is actually used):
{{{
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?livejournal\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g|gif|png)$ - [F]
}}}
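To see how the three conditions combine before deploying them, the following added example (not part of the original wiki page) re-implements the "Blocking most domains" rule in Python and evaluates it for constructed Referer values. The names `status_for` and `HTTPS_AWARE_CONDS` are introduced here, the https variant is an assumption about what a site served over SSL would want, and Python's `re` stands in for mod_rewrite's regex engine.

```python
import re

# The three RewriteCond lines of the block above. A leading "!" negates
# the match, and all conditions must hold (they are ANDed) for the rule to fire.
PAGE_CONDS = [
    ("!", r"^http://(www\.)?example\.com/"),
    ("!", r"^http://(www\.)?livejournal\.com/"),
    ("!", r"^$"),
]
# Variant (assumption, not from the page): also accept https:// referrers,
# which the page's ^http:// patterns do not match.
HTTPS_AWARE_CONDS = [
    ("!", r"^https?://(www\.)?example\.com/"),
    ("!", r"^https?://(www\.)?livejournal\.com/"),
    ("!", r"^$"),
]
# The RewriteRule pattern: which requests are protected at all.
PROTECTED = re.compile(r"\.(jpe?g|gif|png)$")


def status_for(path, referer, conds=PAGE_CONDS):
    """Return 403 if the rule would fire for this request, else 200."""
    if not PROTECTED.search(path):
        return 200  # RewriteRule pattern does not match: rule is skipped
    for negate, pattern in conds:
        matched = re.search(pattern, referer, re.IGNORECASE) is not None
        if matched == (negate == "!"):
            return 200  # one condition failed, so the rule does not apply
    return 403  # every condition held: [F] answers 403 Forbidden


def report(cases, conds=PAGE_CONDS):
    """Evaluate (path, referer) pairs and return (referer, status) tuples."""
    return [(ref, status_for(path, ref, conds)) for path, ref in cases]


if __name__ == "__main__":
    # Constructed sample requests for one protected image.
    cases = [
        ("/img/a.png", "http://www.example.com/page.html"),   # own site
        ("/img/a.png", ""),                                   # no Referer sent
        ("/img/a.png", "http://badsite.net/gallery"),         # hotlinker
        ("/img/a.png", "http://example.com.badsite.net/x"),   # lookalike host
        ("/img/a.png", "https://www.example.com/page.html"),  # own site over SSL
    ]
    for ref, status in report(cases):
        print(status, repr(ref))
```

With the page's patterns the last sample, a page of your own site loaded over https, is answered with 403; with `HTTPS_AWARE_CONDS` it is served.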
==== Blocking all domains ====
The following code will return a '''403 Forbidden''' error instead
of the requested resource, unless the referrer is example.com,
which should be changed to the domain of the site where the image
is used:
{{{
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g|gif|png)$ - [F]
}}}
=== Replacing images ===
This method will '''still''' result in bandwidth theft, but it will
protect your images. Bandwidth theft may eventually decrease as
people learn that linking to your images will not work.
==== Replacing the image ====
The following code will cause the remote server to display
'''no_hotlink.jpg''' instead of the requested image:
{{{
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g|gif|png)$ images/no_hotlink.jpg [L]
}}}
==== Allow certain hotlinking ====
The following code will cause the remote server to display
'''no_hotlink.jpg''' instead of the requested image, unless the
image has been requested from a specified directory ("'''dir'''"):
{{{
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/dir/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g|gif|png)$ images/no_hotlink.jpg [L]
}}}
==== Block specific domains ====
The following code will cause the remote server to display
'''no_hotlink.jpg''' instead of the requested image, but only when
the image has been requested by ''badsite.net'' or ''badsite.com'':
{{{
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.net/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.com/ [NC]
RewriteRule \.(jpe?g|gif|png)$ images/no_hotlink.jpg [L]
}}}
== External Links ==
 * [http://wiki.mobbing-gegner.de/?action=fullsearch&context=180&value=apache&titlesearch=Titel German] tips and links for Apache