|
BookMark Us
|
Please
so that you may come back to see what's new.
|
|
We're Rated With
|
|
|
|
| .HTACCESS/.HTPASSWD FILES and ERROR TRAPPING
|
|
|
|
...... WHAT IS ERROR TRAPPING ......
|
Error Trapping refers to when a file or page can not be located, there is restricted access,
there is an error in a cgi, javascript, php code or when there is an
unknown error. When this happens, you get a page telling you that there
was an error. This is controlled by a '.htaccess'
file and in some instances, a '.htpasswd'
file. We'll explore both of these files in more depth as we go.
|
|
|
...... EXPLAINATION OF THE .HTACESS FILE ......
|
|
The basic '.htaccess' file is simply put, a text file which
contains a few lines of code that tells the server when an error has occured and what
page to present to the user so that they know there was an error. The presented
page will be a normal html page which can be created by the website owner
or the webserver.
|
400 error --- Unknown Error
401 error --- Authorization required
403 error --- Restricted Access
404 error --- Lost or Missing Files
500 error --- Script Error (CGI, PERL etc. -not - JAVASCRIPT)
|
|
|
|
...... MAKING THE .HTACCESS FILE ......
|
| FRONTPAGE WARNING:
FrontPage sites have a .htaccess file in the root directory that is created when the FrontPage
extensions are installed. FrontPage users should proceed with caution and make a backup copy of their .htaccess
file before making any changes. Incorrect changes to your .htaccess file can result in your site being unreachable.
|
|
To start with you need to find out if you are allowed to use this type of file on your server.
If you are not sure, contact your system administrator.
Now you need to create a text file called '.htaccess'.
Of course in order for you to be able to save and view this file on your
hard drive, you will need to name it something like 'htaccess.txt'.
This can be renamed '.htaccess'
after it has been uploaded to the server. You may also need to create a
html document for each of these errors. The path to your html documents
may be different than what I put in the example below so make the required
changes to reflect this. Now using notepad and assuming that your html
error documents are located in a directory called 'error',
place the following lines at the very top of the '.htaccess' file:
ErrorDocument 400 /error/400.html
ErrorDocument 401 /error/401.html
ErrorDocument 403 /error/403.html
ErrorDocument 404 /error/404.html
ErrorDocument 500 /error/500.html
Save this file to your
hard drive and name it 'htaccess.txt' or whatever
you want. You can change the name to '.htaccess' after it has been uploaded to your server.
Now you can create your '.html'
pages to go along with the '.htaccess'
file and name them:
400.html
401.html
403.html
404.html
500.html
|
|
|
...... UPLOADING THE .HTACCESS FILE ......
|
You should upload the
'.htaccess' file to your root directory. You
do not need to CHMOD it nor do you need to upload it in ASCII format although it is recommended.
If you put it in your root directory, it will cover all files thereafter in
all the subdirectories. If you put it in a directory (eg:
www.yoursite.com/some_folder/) it will only cover the subdirectories
from some_folder onward.
If you need help with
'CHMOD' then try the CHMOD
Tutorial.
Take me to the En-Crypt-It
encryption tool.
[ top | .htaccess | .htpasswd | advanced ]
|
|
| PASSWORD PROTECTION USING .htaccess and .htpasswd
|
|
...... PASSWORD PROTECTING A DIRECTORY ......
|
NOTE:
You should try not to password protect your whole directory (eg:
www.yoursite.com) so that nobody can view anything without a password.
However, it is ok to protect a subdirectory (eg: www.yoursite.com/some_folder/) so that
nobody can go into '/some_folder',
or any of the subdirectories thereafter without a password. The latter
would be a much safer option.
NOTE:
If you want to stop people from stealing your graphics, then you can password
protect your images directory, but if you are using some of the images
on you pages that are in that directory, it will prompt for a password.
This would not be cool!
To password protect a directory, you need three things; a '.htpasswd'
file, a second '.htaccess' file and the path
for the working directory.
|
|
|
...... THE SECOND TYPE OF .HTACCESS FILE and FINDING THE WORKING DIRECTORY ......
|
First of all, you need to create a new '.htaccess'
file similar to the first one but with the following information and place
it in the dirctory you want to protect. If you do not know what your absolute
path to your working directory is, you can either copy and paste one of
these scripts then
upload it to your site or ask your system administrator. Next, using your
browser, go to your site and open the script. What you will be looking
for is the line that says something like this or something close anyways:
(nnn = a number.)
/web/sites/nnn/user_name/www.site_name.com/path.php
/web/sites/nnn/user_name/www.site_name.com/path.php3
/web/sites/nnn/user_name/www.site_name.com/cgi-bin/path.cgi
/web/sites/nnn/user_name/www.site_name.com/cgi-bin/path.pl
or another example would be:
/home/username/public_html/path.php
/home/username/public_html/path.php3
/home/username/public_html/cgi-bin/path.cgi
/home/username/public_html/cgi-bin/path.pl
Now copy and paste the following lines into your second '.htaccess'
file. Don't forget to change the parameters Protected
Area and the absolute path to your
'.htpasswd' file shown in white
below.
AuthUserFile /absolute/path/to/.htpasswd
AuthGroupFile /dev/null
AuthName 'Protected Area'
AuthType Basic
<limit GET PUT POST>
require valid-user
</limit>
Or an alternative for blocking certain IP addresses from viewing anything would be:
<Limit GET>
order allow,deny
deny from 128.23.45.
deny from 207.158.255.213
allow from all
</Limit>
If you would like to password protect only certain files, then this
is what you would place in the second '.htaccess' file but change the variables
shown in white:
AuthUserFile /absolute/path/to/.htpasswd
AuthGroupFile /dev/null
AuthName 'Protected Area'
AuthType Basic
Allow From All
<Files some_file.???>
require valid-user
</Files>
Change some_file.??? to the file you want excluded (eg: path.cgi)
If you don't want anyone, including yourself, to have access to a specific
file, then place the following into your .htaccess file and put it into
the directory that contains the file to be protected. Change some_file.??? to
the file you want excluded (eg: path.cgi)
AuthUserFile /absolute/path/to/directory
AuthGroupFile /dev/null
AuthName 'Protected Area'
AuthType Basic
Allow From All
<Files some_file.???>
Deny From All
</Files>
If you want a certain page to open as your default when someone goes to a
specific directory (eg: other than index.html) then this is what you would
add to your '.htaccess' file but change the variable shown in
white. Also,
you must put this '.htaccess' file in the directory where you want the
default to occur.
NOTE:
The following examples are really nothing
more than a redirection command somewhat similar to a meta tag redirection
and can be used as such, but without a delay time stamp.
DirectoryIndex
file.extension
If you want to exicute a cgi script when someone goes to a specific directory
then add this line to your '.htaccess' file:
DirectoryIndex
/cgi-bin/some_file.cgi
For php users who need the server to recognize file.php when it is set up to
use php3 instead, add this to your '.htaccess' file:
AddType application/x-httpd-php3 .php3 .php
You may also want to add this line to make your index.php file work correctly:
DirectoryIndex index.php index.php3 index.html
If you want to redirect a file, add this line. Of course you
must change the names from what I give you here.
Redirect /olddirectory/oldfile.html http://yoursite.com/newdirectory/newfile.html
If you want to redirect a directory, add this line. Of course you
must change the names from what I give you here.
Redirect /olddirectory http://yoursite.com/newdirectory/
|
|
|
...... THE .HTPASSWD FILE ......
|
First you will need to find some form of encryption for your password and it just so
happens that I have a tool that will do just that.
The En-Crypt-It
password encryption tool will create a line that you will place in your
'.htpasswd' file.
The created line will look something like:
jOhn1doE:DgrT$o*e/viL
Last but not least, you need to create the '.htpasswd' file. You do
this also by using notepad, similar to when you made the .htaccess file, but name it '.htpasswd'
and place in it this one line: username:password
that you created using the En-Crypt-It
encryption tool.. Upload this file to where you pointed to in your '.htaccess'
file.
If you need help with
'CHMOD' then try the CHMOD
Tutorial.
Take me to the En-Crypt-It
encryption tool.
[ top | .htaccess | .htpasswd | advanced ]
|
|
| ADVANCED .HTACCESS TUTORIAL
|
|
...... REDIRECT A MACHINE NAME ......
|
Here are some advanced options you can do with .htaccess files
| FRONTPAGE WARNING:
FrontPage sites have a .htaccess file in the root directory that is created when the FrontPage
extensions are installed. FrontPage users should proceed with caution and make a backup copy of their .htaccess
file before making any changes. Incorrect changes to your .htaccess file can result in your site being unreachable.
|
If you want to redirect a machine name to the directory machine on a site then add the following
to the '.htaccess' file:
RewriteEngine On
Options+FollowSymlinks
RewriteBase/
# Rewrite Rule for machine.domain-name.net
RewriteCond % machine.domain-name.net$
RewriteCond % !machine/
RewriteRule ^(.*)$ machine/$1
This will redirect requests for the machine name machine.domain-name.net
to the directory machine on the site domain-name.net
|
|
|
...... PREVENTING PEOPLE FROM LINKING TO YOUR IMAGES ......
|
If you want to prevent other websites from linking to your images then add the following to
the '.htaccess' file:
RewriteEngine on
RewriteCond % !^$
RewriteCond % !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]
You may have to add the following to the top of your .htaccess file to get it to work:
Options +FollowSymlinks
If you would rather have an alternate image show up in place of the one that is being linked to,
change the last line of the above code to this:
RewriteRule \.(gif|jpg)$ http://www.mydomain.com/nasty.gif [R,L]
Also, in either case, don't forget to change mydomain.com to your domain name.
|
|
|
...... THAT'S IT ......
|
You now have your own custom error pages and a password protected
directory.
Now, doesn't that make you feel a little safer?
If you need help with 'CHMOD' then try the CHMOD
Tutorial.
Take me to the En-Crypt-It encryption tool.
[ top | .htaccess | .htpasswd | advanced ]
|
|
Courtesy of:
|
|
Legal Stuff
