This page has been robot translated, sorry for typos if any. Original content here.

File settings access to the server. Htaccess

Website building

The server access configuration file. htaccess

The author: Maxim Prikhodko
Published November 30, 2005

Since the Unix operating system is the most popular among server systems, the most common server is not MS IIS , but Apache (a version of which, however, also exists for Windows ).

When the name of your site is entered in the browser line, it is the server that decides which files to show and how. And you can manipulate the settings file in order to control the server’s operation with respect to the website . htaccess , any change of which immediately takes effect.

Syntax htaccess has a rigid structure, failure to comply with which leads to server errors, therefore, the following two requirements must be met:

  1. Paths to files (directories) are specified from the root of the server. For example: / opt / home / www.mysite.ru / htdocs / config /. htpasswords

  2. Domains are specified with an indication of the protocol. For example: Redirect / http://www.site.ru

The file must be named exactly "dot" htaccess and be recorded in UNIX-format. In FAR, for example, when editing, you can press Shift + F2 and select the "Save as UNIX Text" menu item.

We give simple examples of managing access to a site using a file. htaccess :

Ban on all files:

deny from all

Here all means "all."

Allow access from a specific IP address (for example, 192.13.237.14):

order allow deny
deny from all
allow from 192.13.237.14

Deny access from a specific IP address (for example, 192.13.237.14):

order allow deny
allow from all
deny from 192.13.237.14

Prevent a group of files by mask:

<Files "\ . ( Inc | sql | other extensions ) $ ">
order allow, deny
deny from all
</ Files>

In this example, the Apache web server itself can access files with the specified extensions.

You can set a ban on a specific file by its full name ( for example , config.inc.php ):

<Files config.inc.php >
order allow , deny
deny from all
</ Files>

Password on directory :

AuthName "Private zone"
AuthType Basic
AuthUserFile / pub / home / login /. htpasswd
require valid-user
</ Files>

The AuthName value will be displayed for the visitor and can be used to clarify the authorization request. The AuthUserFile value indicates the location where the password file is stored for access to this directory. This file is created by the special utility htpasswd.exe.

For example, in the directory that we protect with the password we create. htaccess with the following content:

AuthName "For Registered Users Only"
AuthType Basic
AuthUserFile / pub / home / yoursite.ru/.htpasswd
require valid-user
</ Files>

In this example, the visitor will see the phrase " For Registered Users Only " when requesting a directory, the file with passwords for access should be located in the directory / pub / yoursite.ru / and called. htapasswd . The directory is specified from the root of the server. If you incorrectly specify a directory, Apache will not be able to read the file. htpasswd and no one will have access to this directory.

Similar to the protection of an entire directory, you can set a password for only one file. For example, to protect the file private.zip is needed in the file. htaccess provide the following information:

<Files private.zip >
AuthName "Users zone"
AuthType Basic
AuthUserFile / pub / home / login /. htpasswd
</ Files>

Similarly, using the < Files "\. ( Inc | sql | other extensions) $"> command, you can specify passwords by file mask. For example, to set a password for access to all files with the extension. sql you must specify the following information:

<Files "\ . ( Sql ) $">
AuthName "Users zone"
AuthType Basic
AuthUserFile / pub / home / yoursite.ru/.htpasswd
</ Files>

In order to make redirection of the visitor to the site http://www.site.ru, c. htaccess must be specified:

Redirect / http://www.site.ru

To be continued...