Difference between revisions of ".htaccess"

From Server Knowledge Base
Jump to navigationJump to search
Line 84: Line 84:


== Password protected directory ==
== Password protected directory ==
See [[Scripts#eXample_.htaccess_and_.htpasswd_file this]] guide too.


cd '''into''' the directory you want to protect.
cd '''into''' the directory you want to protect.

Revision as of 13:44, 11 February 2013

It's default permissions/group (if you want to create it for example) are 644 -rw-r--r-- and ftpuser:psacln (for a Plesk server). To find .htaccess either go to /var/www/vhosts/domain/httpdocs and do ls -la or the following command:

find /var/www/vhosts/ .htaccess | grep htaccess
locate .htaccess

You may need to run updatedb first.

Permalinks

Temporarily change the file from 644 (default permissions are -rw-r--r-- and ftpuser:psacln) by doing:

chmod 766 .htaccess
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /press/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /press/index.php [L]
</IfModule>
# END WordPress

Now go to the Wordpress backend, log in and go to Settings > Permalinks > Custom Structure (normally /%postname%/) and click Save Changes. It will likely say "You should update your .htaccess now." so make a blog post to test and it should work. You can now set the .htaccess file back to 644 or even 604 now.

Wordpress Permalinks guide

Broken URLs and running HTML as PHP

If a Wordpress site on a development URL was working fine and you have changed some of the permalinks and the site cannot be accessed it is likely because .htaccess is missing this syntax:

"Options +FollowSymLinks" 

To force .html files to run as a php scripts put the following:

AddHandler php-script .html

in the .htaccess file.

Force lower-case URLs

http://stackoverflow.com/questions/10458998/rewriting-url-to-all-lowercase?lq=1
http://stackoverflow.com/questions/6852277/case-sensitive-urls-how-to-make-them-insensitive?lq=1
http://stackoverflow.com/questions/2923658/convert-to-lowercase-in-a-mod-rewrite-rule
http://www.chrisabernethy.com/force-lower-case-urls-with-mod_rewrite

Wordpress File Permissions

Wordpress Install: The mysql extension was not found

If you get the following message when installing Wordpress through the one click installer in the Applications tab of Plesk: "Unable to install the app on website because hosting settings of this website do not meet the installation requirements. These requirements are listed below. The mysql extension was not found."

You need to rename the .htaccess file temporarily (cd into dir, mv .htaccess <filename>), uninstall/install Wordpress and then you can rename it back. It is due to the following: http://kb.parallels.com/en/111427

Mod_rewrite

Mod_rewrite may be enabled by default on an Ubuntu VPS, CentOS guide. This is located in /etc/apache2/mods-enabled/

Search the following to confirm.

/etc/apache2/mods-enabled# locate rewrite.load
/etc/apache2/mods-available/rewrite.load
/etc/apache2/mods-enabled/rewrite.load

During a drupal install it should test for this anyway and tell you. During the install you can either use drupal built in rewrites or use the .htaccess equivalent. The .htaccess file will be in /var/www/vhosts/yourdomain.com/httpdocs , /var/www/vhosts/lvpsIP-IP-IP-IP.vps.webfusion.co.uk/site1 or make it yourself. If so just make sure you have the below 2 lines in here or else mod_rewrite will not work.

Options +Indexes
RewriteEngine on

Options +Indexes

This will allow you to list the directory of a folder when viewing it in a browser, as long as it has the correct permissions (normally www-data:www-data). This can be applied to only specific folders by putting the .htaccess file in the folder you want it to affect.

To deny indexing, use -Indexes instead.

Options +FollowSymLinks

Add the above option into a .htaccess file if you get the following message in the Apache log:

Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden

Add it if you also get the below error on Wordpress sites:

Forbidden, perhaps you need to change the file permissions for this document or upload an index page

Password protected directory

See Scripts#eXample_.htaccess_and_.htpasswd_file this guide too.

cd into the directory you want to protect.

vim .htaccess

AuthName "Private zone"
AuthType Basic
AuthUserFile /path/to/.htpasswd
require valid-user

Generator the .htpasswd file content here and then do:

vim .htpasswd

user:encryptedpassword

Guides:

http://httpd.apache.org/docs/2.0/howto/auth.html
http://httpd.apache.org/docs/2.2/mod/core.html
http://httpd.apache.org/docs/2.2/howto/htaccess.html#how
http://www.sitepoint.com/forums/showthread.php?396553-htaccess-Doesn-t-Work

Need AllowOverride

.htpasswd content generator

Redirect 301

Point an entire site to a different URL, the first slash is for the domain's htaccess you are in redirected to example.com:

# This allows you to redirect your entire website to any other domain
Redirect 301 / http://example.com/

Redirect index.html to a specific subfolder:

# This allows you to redirect index.html to a specific subfolder
Redirect /index.html http://example.com/newdirectory/

Redirect an old file to a new file path:

# Redirect old file path to new file path
Redirect /olddirectory/oldfile.html http://example.com/newdirectory/newfile.html

Redirect to a specific index page:

# Provide Specific Index Page (Set the default handler)
DirectoryIndex index.html

Also include Options +FollowSymLinks

Allow only HTTPS access with htaccess

mod_rewrite https to http

A HTTPS request will have to open the file ".htaccess" to pick the redirect to HTTP. The certificate will be therefore sent to the customer; showing the invalid warning.

The only way to bypass this is to buy a SSL certificate.

Whitelist Flash in mod_security

Details of the problem

Windows

One solution is http://www.helicontech.com/ape/ as it provides support for Apache .htacces and .htpasswd configuration files in Microsoft IIS.