Difference between revisions of ".htaccess"
Rootadminacc (talk | contribs) |
Rootadminacc (talk | contribs) |
||
Line 85: | Line 85: | ||
== Password protected directory == | == Password protected directory == | ||
See [[Scripts#eXample_.htaccess_and_.htpasswd_file this]] guide too. | See [[Scripts#eXample_.htaccess_and_.htpasswd_file | this]] guide too. | ||
cd '''into''' the directory you want to protect. | cd '''into''' the directory you want to protect. |
Revision as of 13:45, 11 February 2013
It's default permissions/group (if you want to create it for example) are 644 -rw-r--r-- and ftpuser:psacln (for a Plesk server). To find .htaccess either go to /var/www/vhosts/domain/httpdocs and do ls -la or the following command:
find /var/www/vhosts/ .htaccess | grep htaccess locate .htaccess
You may need to run updatedb first.
Permalinks
Temporarily change the file from 644 (default permissions are -rw-r--r-- and ftpuser:psacln) by doing:
chmod 766 .htaccess
# BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase /press/ RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /press/index.php [L] </IfModule> # END WordPress
Now go to the Wordpress backend, log in and go to Settings > Permalinks > Custom Structure (normally /%postname%/) and click Save Changes. It will likely say "You should update your .htaccess now." so make a blog post to test and it should work. You can now set the .htaccess file back to 644 or even 604 now.
Broken URLs and running HTML as PHP
If a Wordpress site on a development URL was working fine and you have changed some of the permalinks and the site cannot be accessed it is likely because .htaccess is missing this syntax:
"Options +FollowSymLinks"
To force .html files to run as a php scripts put the following:
AddHandler php-script .html
in the .htaccess file.
Force lower-case URLs
http://stackoverflow.com/questions/10458998/rewriting-url-to-all-lowercase?lq=1
http://stackoverflow.com/questions/6852277/case-sensitive-urls-how-to-make-them-insensitive?lq=1
http://stackoverflow.com/questions/2923658/convert-to-lowercase-in-a-mod-rewrite-rule
http://www.chrisabernethy.com/force-lower-case-urls-with-mod_rewrite
Wordpress File Permissions
Wordpress Install: The mysql extension was not found
If you get the following message when installing Wordpress through the one click installer in the Applications tab of Plesk: "Unable to install the app on website because hosting settings of this website do not meet the installation requirements. These requirements are listed below. The mysql extension was not found."
You need to rename the .htaccess file temporarily (cd into dir, mv .htaccess <filename>), uninstall/install Wordpress and then you can rename it back. It is due to the following: http://kb.parallels.com/en/111427
Mod_rewrite
Mod_rewrite may be enabled by default on an Ubuntu VPS, CentOS guide. This is located in /etc/apache2/mods-enabled/
Search the following to confirm.
/etc/apache2/mods-enabled# locate rewrite.load /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled/rewrite.load
During a drupal install it should test for this anyway and tell you. During the install you can either use drupal built in rewrites or use the .htaccess equivalent. The .htaccess file will be in /var/www/vhosts/yourdomain.com/httpdocs , /var/www/vhosts/lvpsIP-IP-IP-IP.vps.webfusion.co.uk/site1 or make it yourself. If so just make sure you have the below 2 lines in here or else mod_rewrite will not work.
Options +Indexes
RewriteEngine on
Options +Indexes
This will allow you to list the directory of a folder when viewing it in a browser, as long as it has the correct permissions (normally www-data:www-data). This can be applied to only specific folders by putting the .htaccess file in the folder you want it to affect.
To deny indexing, use -Indexes instead.
Options +FollowSymLinks
Add the above option into a .htaccess file if you get the following message in the Apache log:
Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden
Add it if you also get the below error on Wordpress sites:
Forbidden, perhaps you need to change the file permissions for this document or upload an index page
Password protected directory
See this guide too.
cd into the directory you want to protect.
vim .htaccess
AuthName "Private zone" AuthType Basic AuthUserFile /path/to/.htpasswd require valid-user
Generator the .htpasswd file content here and then do:
vim .htpasswd
user:encryptedpassword
Guides:
http://httpd.apache.org/docs/2.0/howto/auth.html
http://httpd.apache.org/docs/2.2/mod/core.html
http://httpd.apache.org/docs/2.2/howto/htaccess.html#how
http://www.sitepoint.com/forums/showthread.php?396553-htaccess-Doesn-t-Work
Need AllowOverride
Redirect 301
Point an entire site to a different URL, the first slash is for the domain's htaccess you are in redirected to example.com:
# This allows you to redirect your entire website to any other domain Redirect 301 / http://example.com/
Redirect index.html to a specific subfolder:
# This allows you to redirect index.html to a specific subfolder Redirect /index.html http://example.com/newdirectory/
Redirect an old file to a new file path:
# Redirect old file path to new file path Redirect /olddirectory/oldfile.html http://example.com/newdirectory/newfile.html
Redirect to a specific index page:
# Provide Specific Index Page (Set the default handler) DirectoryIndex index.html
Also include Options +FollowSymLinks
Allow only HTTPS access with htaccess
mod_rewrite https to http
A HTTPS request will have to open the file ".htaccess" to pick the redirect to HTTP. The certificate will be therefore sent to the customer; showing the invalid warning.
The only way to bypass this is to buy a SSL certificate.
Whitelist Flash in mod_security
Windows
One solution is http://www.helicontech.com/ape/ as it provides support for Apache .htacces and .htpasswd configuration files in Microsoft IIS.