You are on page 1of 23

25/06/13

.htaccess tricks and tips.. part one: tips, tricks, hints, examples; juicy .htaccess information.

Site Navigation Top Links .htaccess tips and tricks
<ifModule> clever stuff here </ifModule>

Introduction to .htaccess..
This work in constant progress is some collected wisdom, stuff I've learned on the topic of .htaccess hacking, commands I've used successfully in the past, on a variety of server setups, and in most cases still do. You may have to tweak the examples some to get the desired result, though, and a reliable test server is a powerful ally, preferably one with a similar setup to your "live" server. Okay, to begin..
..a win32 Apache mirror of corz.org

.htaccess files are invisible There's a good reason why you won't see .htaccess files on the web; almost every web server in the world is configured to ignore them, by default. Same goes for most operating systems. Mainly it's the dot "." at the start, you see? If you don't see, you'll need to disable your operating system's invisible file functions, or use a text editor that allows you to open hidden files, something like bbedit on the Mac platform. On windows,
corz.org/serv/tricks/htaccess.php 1/23

25/06/13

.htaccess tricks and tips.. part one: tips, tricks, hints, examples; juicy .htaccess information.

showing invisibles in explorer should allow any text editor to open them, and most decent editors to save them too**. Linux dudes know how to find them without any help from me.

that same folder, as seen from Mac OS X

In both images, the operating system has been instructed to display invisible files. ugly, but necessary sometimes. You will also need to instruct your ftp client to do the same. By the way; the windows screencap is more recent than the mac one, moved files are likely being handled by my clever 404 script.

** even notepad can save files beginning with a dot, if you put double-quotes around the name when you save it; i.e.. ".htaccess". You can also use your ftp client to rename files beginning with a dot, even on your local filesystem; works great in FileZilla.

What are .htaccess files anyway?
Simply put, they are invisible plain text files where one can store server directives. Server directives are anything you might put in an Apache config file (h t t p d . c o n f ) or even a p h p . i n i **, but unlike those "master" directive files, these .htaccess directives apply only to the folder in which the .htaccess file resides, and all the folders inside. This ability to plant .htaccess files in any directory of our site allows us to set up a finely-grained tree of server directives, each subfolder inheriting properties from its parent, whilst at the same time adding to, or over-riding certain directives with its own .htaccess file. For instance, you could use .htacces to enable indexes all over your site, and then deny indexing in only certain subdirectories, or deny index listings site-wide, and allow indexing in certain subdirectories. One line in the .htaccess file in your root and your whole site is altered. From here on, I'll probably refer to the main .htaccess in the root of your website as "the master .htaccess file", or "main" .htaccess file. There's a small performance penalty for all this .htaccess file checking, but not noticeable, and you'll find most of the time it's just on and there's nothing you can do about it anyway, so let's make the most of it..
corz.org/serv/tricks/htaccess.php 2/23

If your site is hosted with someone else. c o n ffile will also function perfectly inside an . juicy ..php 3/23 . and if not. etc.25/06/13 . AllowOverride All Restart Apache. corz. # This should be changed to whatever you set DocumentRoot to. check your control panel (Plesk..htaccess files? Almost any directive that you can put inside an h t t p d . tricks.htaccess is most often used to restrict or deny access to individual files and folders. i n ifiles Is . Control (A l l o w /D e n y ) Access.. Your D o c u m e n t R o o tmay be different. the most common use of . hints. switch to a better web host. Unsurprisingly..htaccess enabled? It's unusual. contact your hosting admins.) to see if you can enable it there. Perhaps they don't allow this. CPanel. which would normally be preferable.htaccess file. A typical example would be an "includes" folder. i n i . If you are hosting it yourself..htaccess will work. What can I do with .htaccess is to. ..htaccess file in the includes folder with content something like this. In which case. of course. but possible that .htaccess information.. in which case the directives would go inside individual p h p .htaccess tricks and tips. AllowOverride None . c o n fin a text editor. and locate this < D i r e c t o r y >section. over the web. part one: tips.. You can also make this change inside a virtual host. it's easy enough to fix. but you don't want users accessing these files directly. In that case you would drop an .htaccess is not enabled on your site.org/serv/tricks/htaccess. open your h t t p d . ** Your main p h p . unless you are running under phpsuexec. Now . # <Directory "/var/www/htdocs"> # .. examples.and change it to.locate the line that reads. Your site's pages can call these included scripts all they like.. that is.

is identical in operation to the previous example.168..168. which controls the order in which Apache handles the access rules (aka.25/06/13 . lines beginning with "#" are ignored by Apache.php 4/23 . examples. lots of things. hints. is redundant...0/24 Order Allow.org/serv/tricks/htaccess. first applying D e n yrules.Deny Deny from All Allow from 192.. the actual ordering of the rules in your config file is unimportant. juicy . here's a handy top-level ruleset for a local test server.. then A l l o wrules.0. A l l o w . but on a live server (like my dev mirrors sometimes are) they become useful for filtering out undesirable IP blocks.168.0 Note the O r d e rdirective. Sometimes. corz. the D e n yline in example above. and denying everything else. directives) when making its three passes. This. NO ENTRY outside of the LAN! Allow from 192. NO ENTRY outside of the LAN! Order Allow.0. for instance limiting access to a particular IP range.168.Deny Allow from 192.0/24 # this would do the same thing. With D e n y . then allowing everything else. handy for comments. Generally these sorts of requests would bounce off your firewall anyway. NO ENTRY outside of the LAN! # no nasty crackerpots in here! Order Allow.0 . By the way. NO ENTRY! # no one gets in here! deny from all which would deny ALL direct web (HTTP) access to ANY files in that folder (your scripts reach them via the filesystem). known risks.Deny ... part one: tips. If you think about it. This. tricks. You can be more specific with your conditions. perhaps some persistent robot that doesn't play by the rules.htaccess information.. And because Apache processes the directives in three groups (one on each pass). With A l l o w . in case you hadn't spotted. D e n y . is enough to secure a local server. the processing order defined by the O r d e rdirective. #Allow from 192. then D e n yrules. first checking and applying A l l o wrules.htaccess tricks and tips. you will only want to ban one IP.

If you delete those rules. hmmm.php 5/23 . # someone else giving the ruskies a bad name. < L o c a t i o n >rules override everything.222.. the rules from your V i r t u a l H o s tconfig will apply. though this can be problematic. Usually with sommething like this.. the usual method. examples. bad referrers. as well as how to deny those nasty web suckers.. you can even use HTML (though there is probably a limit to how much HTML you can squeeze onto one line). For example. c o n fand such files). One final note about A l l o wand D e n yrules for local servers (or anywhere you have acceess to the main h t t p d . Whatever.php ErrorDocument 403 /err/403.conf will apply. c o n f . measure twice. and A l l o wA l lin your . ban IP.php ErrorDocument 500 /err/500. but DO NOT end with one.. For Apache 2. part one: tips. corz. as normal. If you delete the A l l o wrule in the . This is probably fine for most situations. begin with a ".. which certainly gets the message across. # quick custom error "document".v h o s t .23.deny deny from 83. Remember. One quick and simple method is to specify the text in the directive itself. and so on. the "err" folder (with the custom pages) is in the root # custom error documents ErrorDocument 401 /err/401. script kiddies and more. hints.htaccess information. order allow.htaccess tricks and tips. usually). but in part two I'll demonstrate some cooler ways to deny access. if you have A l l o w O v e r r i d eA l land D e n yA l lset in your V i r t u a l H o s tconfig. the user gets a 403 "access denied" error page in their client software (browser.php ErrorDocument 404 /err/404. post user agent every fifth request only. you can put a second quote at the end.. the .php You can also specify external URLs. h t a c c e s srules apply. juicy . the ones from your main httpd. and is best avoided. Custom error documents.org/serv/tricks/htaccess.htaccess is where most folk configure their error documents.25/06/13 . quote once. I guess I should briefly mention that . allowing access from all addresses. h t a c c e s s . ranges. h t a c c e s s . for Apache 1.219 allow from all The usual rules for IP addresses apply. so you can use partial matches. tricks. they will override any rules set in the preceding config file.. If A l l o w O v e r r i d eA l lis set in a config file processed before the one containing these rules (it usually is).

25/06/13 . in other words. check it out. hints. But then. tricks.the above will work just fine.htaccess file for password protection: AuthType Basic AuthName "restricted area" AuthUserFile /usr/local/var/www/html/.htaccess tricks and tips. a simple authorisation mechanism might look something like this. examples. specifically for making and updating password files.. password protected folders.htpasses <Limit POST> require valid-user </Limit> You can find loads of online examples of how to setup authorization using .htaccess.htaccess information. The windows version is the same. only the file path needs to be changed.. Also note: You can use forward and back-slashes interchangeably with Apache/php on Windows. etc: AuthType Basic AuthName "restricted area" AuthUserFile /usr/local/var/www/html/. you will need to c dinto that directory before performing the command. h t p a s s w dis a tool that comes free with Apache. part one: tips. h t p a s s w dcc : / u n i x / u s r / l o c a l / A p a c h e 2 / c o n f / . I would. only valid users can POST in here.php 6/23 . 'jimmy') with a real password (you will be prompted for this. h t p a s s e sj i m m y corz. go away quickly!</tt></h2></body></html> Using a custom error document is a Very Good Idea. ErrorDocument 404 "<html><head><title>NO!</title></head><body><h2><tt>There is nothing here... The next most obvious use for our . PUT. juicy . too. or user groups.htpasses require valid-user You can use this same mechanism to limit only certain kinds of requests. h t p a s s w dc/ u s r / l o c a l / v a r / w w w / h t m l / .org/serv/tricks/htaccess.htaccess files is to allow access to only specific users. h t p a s s e sj i m m y ... Note: if the Apache b i n /folder isn't in your PATH.. so this would work just fine. I recommend you download mine. twice) in a real password file (the cswitch will create it). and will give you a second chance at your almost-lost visitors. Password protected directories. to wherever you want to put the password file. anyone can GET. a simple sample . and so long as you have a real user (or create one. in this case..

as far as I know they all do (it's in the Apache core). and load a page in that folder. besides). a subject I delve into far more deeply. assuming you were inside the b i n /directory of our fictional Apache install.htaccess information.your password travels in plain text over the wire. h t p a s s e sis a habit from when I had to keep that file inside the web site itself.org/serv/tricks/htaccess.htaccess files are enabled on your site. then you can call it whatever you like. also free. tricks. The authentication examples above assume that your web server supports "Basic" http authorisation. it is secure enough for our basic purpose. RewriteEngine on RewriteCond %{remote_user} !^$ [nc] RewriteRule ^(. and as web servers are configured to ignore files beginning with .. Once they are logged in. some browsers aren't sending password this way any more.php 7/23 . juicy . "the server did a boo-boo". but the . h t p a s s w dc. Trouble is. not clever.*)$ /users/%{remote_user}/$1 Which is a handy directive. the following would do exactly the same as the above. in part two. Relative paths are fine too. If you keep your password file outside the web root (a better idea). h t p a s s e sj i m m y Naming the password file . h t . things which will only come into effect if certain conditions are true. Fortunately. Basic auth works okay though. Even directives that work perfectly on your test server at home may fail dramatically at your real site. create one. the r e m o t e _ u s e rvariable is now available. probably they are not enabled.. and do stuff with it. you will get a 500 error page. examples. / c o n f / . aka. If you add something that the server doesn't understand or support. In fact this is a great way to find out if .25/06/13 . If you have php. even inside the web tree.. we need a way to safely do live-testing without bringing the whole site to a 500 standstill. you can access the r e m o t e _ u s e renvironmental variable. and are looking for a more secure login facility. If they are. personally I'm looking to php to cover my authorization needs. check out my distro machine. part one: tips. check out pajamas. in much the same way as we used the < L i m i t >tag above.. remain hidden. we can create conditional directives. wait for the 500 error. h t _ s o m e t h i n ghabit is a good one to keep. Get better protection. If you are looking for a password-protected download facility (and much more. if there isn't one. put some gibberish in it..htaccess tricks and tips. . It's free. utilizing m o d _ r e w r i t e . hints.. they too.. 500 error. The most useful of corz. even if it isn't actually that secure ..

It's all for free too.will almost certainly turn it back on again. all the more reason to practice this stuff on a local test server.which. just like in the old days before adult web hosts realized how to turn that feature off! A line like this. or whatever. bring back the directories! Options +Indexes +MultiViews +FollowSymlinks . for instance.. too. part one: tips. let's go all the way! corz. If the PHP4* module isn't running on the server. will this directive have any effect (switch the 4 for a 5 if using php5) <ifModule mod_php4.htaccess file. Of course.c> IndexOptions FancyIndexing </ifModule> . the above . If you've ever had a look in my public archives you will have noticed that that the directories are fully browsable. So far we've only scratched the surface. you would obviously instead use < i f M o d u l e m o d _ p h p 5 . that would set the default character encoding of your * entire site to utf-8 (a good idea!).. * *note: if you are using php5. these is the "ifModule" condition. juicy .which placed in your master . if your syntax is messed-up. as well as being neater. anything output by PHP. And if you have m o d _ a u t o i n d e x . this also makes our . As well as proofing us against knocking the server into 500 mode. order the listing by date. built-in to the server.25/06/13 .htaccess directives that wee bit more portable.. at least. show me those files! <IfModule mod_autoindex. c > . Aside from authorisation.c> php_value default_charset utf-8 </ifModule> .. which goes something like this..org/serv/tricks/htaccess.php 8/23 .. Groovy things to do with .htaccess directive will do exactly nothing. we're just switching it on.htaccess file can be put to all kinds of uses. examples.htaccess information.htaccess tricks and tips. the humble .. no amount of if-module-ing is going to prevent a error of some kind. only if PHP is loaded. hints. allows users to click the titles and..htaccess. Apache just ignores it. yes). You can control certain parameters too. or file size.. tricks. you can get nice fancy indexing. cinstalled on your server (probably.

juicy . and that means bandwidth. Check out the example. h t m l . "If you can imagine that it can be done.html and away you go! note: these days I use a single header files for all the indexes. it can be done". h t a c c e s sis where you can specify which files you want to use as your indexes. and present the first one it finds... you're site will get popular. often you will find controls for things you imagined were uncontrollable. it's worth mentioning that .html index. examples. so now we have nice fancy directories. the "AMP" part runs on most of them.php 9/23 .. part one: tips. because it still isn't! Anyways...htaccess tricks and tips. You can also specify multiple files.php index. It's generally setup something like. NameWidth=30 DescriptionWidth=30 IconsAreLinks SuppressHTMLPreamble (handy!) I'm not mentioning the "XHTML" parameter in Apache2.. if a user requests / f o o / .htaccess file onsite for you to have some fun with. and only drop in local "readme" files.25/06/13 . and my public archives for more details. Swap "Linux" for any decent operating system. <IfModule mod_autoindex. better options for your website.htm It really is worth scouting around the Apache documentation. custom directory index files While I'm here. DirectoryIndex index. Save bandwidth with .c> IndexOptions FancyIndexing IconHeight=16 IconWidth=16 </ifModule> Other parameters you could add include. hints.html . Okay.htaccess! corz.. if you don't watch out. Apache will serve up / f o o / i n d e x . Just add readme. My experience of the magic "LAMP" (Linux-Apache-MySQL-PHP) has been. and Apache will look for each in order.htaccess information.org/serv/tricks/htaccess. that is. HeaderName /inc/header. I've chucked one of my old fancy indexing . thereby creating new possibilities. tricks. or whatever file you specify. and some of them password protected.

I find it convenient to put all the files starting with a dot into one. of course.htaccess and other files. The ".([Ll][Oo][Gg])"> Order allow. If you pay for your bandwidth...ht"> Order allow. You can insert multiple file types into each rule. by default" and that is. and the .htaccess tricks and tips.htaccess information. Do you remember I mentioned that any file beginning with . tricks.ht. this wee line could save you hard cash..ht prevents them being accessed. or better yet.deny Deny from all Satisfy All </Files> tells the server to deny access to *. Hide and deny files. save me hard cash! and help the internet! <ifModule mod_php4. and you can insert multiple blocks into your . effectively protecting our .. Of course it only works with data being output by the PHP module. php "includes" for your plain html output and just compress everything! Remember. hints. part one: tips. Standard setting.*\.. See here for more details." at the start prevents them being displayed in an index."almost every web server in the world is configured to ignore them. <Files ~ "^\. most servers will have something like this in their main configuration. but if you design your pages with this in mind.. more than that.php 10/23 . not . juicy .c> php_value zlib. in fact. and the files with denied extensions into another.ht_anything files generally have server directives and passwords and stuff in them.log files.org/serv/tricks/htaccess. separating them with a pipe "|". i n ifile. This version. This will half your bandwidth usage in one stroke. corz. because .. something like this. if you run phpsuexec.ht is invisible? .htaccess file. you can use php echo statements.output_compression 16386 </ifModule> All it does is enables PHP's built-in transparent zlib compression. examples.htaccess. ignore what you want <Files ~ "^.deny Deny from all Satisfy All </Files> which instructs the server to deny access to any file beginning with . you'll need to put php directives in a local p h p .. too.25/06/13 .

htaccess". rather than simply served up by Apache. part one: tips.log and . hints. juicy .deny Deny from all Satisfy All </Files> would cover all . I think it's clear now why the file is called "._* (resource fork) files <Files ~ "^\. .org/serv/tricks/htaccess. More stuff. . miscellaneous commands.DS_Store files (which the Mac Finder creates all over the place) *. parse file. the whole lot # deny all . php flags. mainly because you can use regular expression in the conditions (very handy).php 11/23 . using < F i l e s M a t c h >is preferred over < F i l e s > . *.comment files <Files ~ "^.DS_Store $hî†é and . more readable code.style with the php machine. which is handy.. You can add whatever file types you need to protect from direct access.htaccess files..htaccess information. s ? h t m l $ " > ._* resource fork files. s t y l eextension will now be handled by php.. Good to know. which I use for my php-generated style sheets.css and file.. produce clean.htaccess..deny Deny from all Satisfy All </Files> # deny access to all .25/06/13 .ht* files. <FilesMatch "\. so it seems logical to finish up the page with a wee selection of those. <FilesMatch> These days. At the end of my . examples. switches and other stuff. # handler for phpsuexec.*\. mainly php flags and switches.. And because you can use regexp. you could do stuff like < F i l e s M a t c h" \ . there always seems to be a section of "stuff".comment files and of course.htaccess tricks and tips. Any < F i l e s >statements you come across can be advantageously replaced by < F i l e s M a t c h >statements. Here's an example..log files. our . tricks.([Hh][Tt]|[Dd][Ss]_[Ss]|[_])"> Order allow. corz.([Ll][Oo][Gg]|[cC][oO][mM][mM][eE][nN][tT])"> Order allow.(css|style)$"> SetHandler application/x-httpd-php </FilesMatch> Any files with a * . c s sor * .

hints.use_trans_sid 0 # should be the same as. php_value upload_max_filesize 12M php_value post_max_size 12M # php 5 only. as well as 0 /1 . # I recommend you check the php manual for this function. set a p h p _ f l a gusing p h p _ v a l u e . if some php erm.htaccess. The bottom line is. so that won't work. 1.htaccess tricks and tips.org/serv/tricks/htaccess.php . Europe/Aberdeen isn't a valid php timezone. would return t r u e . If you want folk to # also upload zips and stuff. handy when your server isn't where YOU are.. which of course evaluates to not-zero. one of the values above is incorrectly set.' AddType application/x-httpd-php . php_value date. it's not a problem. i. directive isn't working. examples.php 12/23 .htm . If you don't rely on g e t _ i n i ( ) .timezone Europe/Aberdeen # actually. AddHandler php5-script .' AddType application/x-httpd-php5 . php_flag session.inc # don't even think about setting this to 'on' php_value register_globals off # no session id's in the URL PULEEZE! php_value session. aka. because many crazy places ARE! Note: For most of the flags I've tested. these would all be good things to fiddle with! Of course. tricks. and values. though clearly it's better to get it right from the start. # let's enable php (non-cgi. both will work fine.inc # better yet. booleans should always be p h p _ f l a g .html .htm . By the way. for instance. afaik. or similar. juicy .comment . you can use o n /o f fand t r u e /f a l s einterchangeably...log # if you like to collect interesting php system shell access and web hack scripts # get yourself a SECURE upload facility. also p h p _ v a l u eand p h p _ f l a gcan be switched around while things continue to work as expected! I guess.html .25/06/13 . 'module') for EVERYTHING.php . or "true".blog . because it reads o f fvalue as a string.blog .. php_flag display_errors off php_flag log_errors on php_value track_errors on php_value error_log /home/cor/errors/phperr. logically. and just let the script-kiddies come … # in no time you will have a huge selection of fascinating code.. the php manual explains all.htaccess information.. Did you spot it? corz. part one: tips. a php i n i _ g e t ( )command. even though you had set the value to o f f ..e. but if you use the wrong type in . p h p _ v a l u e .php # legacy php4 version. but suffice to say. say.comment . you might want to increase the upload capacities.use_trans_sid off # using both should also work fine! # php error logs.

cheap.aka. by Chris Todd ..htaccess generator Rather neat online php ..org/serv/tricks/htaccess.. Most php settings. cheap service.htaccess docs . over to you. juicy . . The original site has disappeared. part one: tips. If you really want to bend your brain out of shape. hints. using .htaccess. I can definitely recommend these guys for your domain needs. Before you ask a question. or an entire site. Firstly. tricks. Get Domains.. After years of trouble-free.htaccess generator tool . examples. where I delve into the arcane mysteries of URL rewriting.htaccess tricks and tips. you can override inside your actual scripts.htaccess tricks and tips". Serbo-Croatian version The official Serbo-Croatian human-translation of ". That should get you started with . And I am not corz. This page in Belorussian The official Belorussian human-translation of ..htaccess tricks and tips. . I insist! NOTE: THIS IS NOT A COMMUNITY. follow the link below for part two of the series. Apache2 . straight from the Horse's mouth.25/06/13 .php 13/23 .htaccess information.htaccess generator source The php source for the above tool. quite easy when you know how.htaccess. go to part two. read this at least once in your life. 'Dot Htaccesser'. but I do find it handy to be able to set defaults for a folder.htaccess info.o) Cor Useful Links.

hints.11 12:23 pm Thanks for the crash course in . either. part one: tips. juicy .htaccess. post the exact code that isn't working (preferably inside [ p r e ] [ / p r e ]tags). your free tech dude..16.htaccess information. If you can't be bothered to read the article. Sure. get in touch. or interesting related concepts in general. folk sometimes drop back in.htaccess. If you are still sure that you want to post your own.htaccess tricks and tips..25/06/13 . I can't be bothered responding. I feel like I"ve learned enough to be dangerous! nayandeep ..04. personal. examples. and answer questions about the article. I'm also keen to discuss anything you think I've missed. almost no one sticks around but me. the chances of someone else coming along and answering your tech question are about as close to zero as it gets.. replacing any personal domain names with "example. I offer many related services.11 2:33 pm i want to more about . b) Pay me.org/serv/tricks/htaccess. Other posts will be ignored and/or deleted. Capiche? I do read all comments. tricks. if you need priority assistance. tech question. the guy who wrote all that text (above). then please ensure that you first. If you want to know about rewriting with mod_rewrite please see the next page! cbparser powered comments.09. though. a) Have read the article (above) and have tried "everything" yourself. but realistically.com" (advertising gets deleted) or else. previous comments (fourteen pages) Bill . in which case. how apply a block of code of htaccess file on whole website to re-write url corz.php 14/23 show all comments .10. The PayPal button is at the top right of the page.

27.10.htaccess ?" My understanding is that they do.htaccess information. When I place "deny all" My pages outside the folders do not call my CSS or Javascripts. juicy .php 15/23 . I dont want someone typing mysite.11. If I have PHP enabled on my server will it still make sense to write the following line? corz.11 2:44 am I am a newbie at Web Hosting and I very much appreciate these tips. I also have other folders for Javascripts and so on.com at the end.18. . Can you help please? Thanks The link you want is hidden away up there in the main article.. I have a CSS folder with all my CSS inside. Put the command in the root .o) Cor domainmonstrocity .com/css/style. but I'll re-post it here for your convenience.25/06/13 .10. .11 8:11 pm Just a quick one. Feel free to check out my website at the name above and add the . hints. in the "Control access.. tricks. My question is when I put deny all into one of my folders it works.css and getting a look at my CSS or javascripts." section.org/serv/tricks/htaccess.08. part one: tips.11 10:26 am First of all I want to say great site.o) Cor Thanks .htaccess tricks and tips.01. but changes to htaccess files may take an hour to take effect. The only problem is. The rule cascades automatically.10. examples. I won't spam ya Simon . I never even knew what htacess was until I landed here. the files in that folder can not be linked to my pages. not sure 18/10/2011 Powers .11 2:20 pm "Does godaddy support .htaccess file. This may only apply to virtual server hosting.

<IfModule mod_php5. putting it inside a conditional tag that is true (i.c> What actually does mod_php5.11 3:54 am I don't know how I found this site. which again causes the same error. .12.php 16/23 .25/06/13 .htaccess tricks and tips. Your post help me tremendously in understanding things so easily Keep up the good work This tag creates a CONDITION.o) Cor Manohar .12.12. hints. none of this works if php is running as a cgi rather than a module.. the php5 module IS loaded) causes the wonky code to run. And of course.c check for? Check if php5 module is loaded or not? Due to which PHP can run on that Apache server? So my question here is even if I use that tag and still get an error then in that case is it because I am not allowed to change the value of that php setting in the .01.01. juicy .11 11:08 pm WTF!! ©± OH Fiddlestix .13. only if php is loaded will the commands within it come into effect.11 5:07 pm great concept xxx .org/serv/tricks/htaccess.htaccess information.. examples. part one: tips. trying to tell a php4 server to set p h p _ v a l u e d a t e . how do you get back to the world of no answers that make any sense? corz. for example.htaccess file? btw Corz I love your site. t i m e z o n ewhich only became available with php5. somebody help me.e. The idea of using a conditional section is to prevent code from running in inappropriate environments. like I said above. If you have some wonky code that causes an error. tricks.

take a look at my own 404 script which does this and a whole lot more.php? url=anywrongurl error..25/06/13 .htaccess file I have: ErrorDocument 404 " (message) " What could possibly go wrong? Well.com/error.site. What am I doing wrong? Thank you.12 5:19 pm corz. part one: tips. some like this: visitor tried: http://www. so I could register what wrong urls visitors are trying to reach.php 17/23 .o) Cor Robert Benson . congratulations for the page and marry christmas. examples.htaccess information. you get the 404 script to grab the URI from the incoming HTTP request headers.02. 'standard "Oops!!!" page '? . Tks. . tricks. selected IPs are getting the standard "Oops!!!" page instead of above message..12.php does: saves url parameter into database and redirects to home page (or anywhere). If you get stuck. I'm looking for a way to save wrong url strings. hints.11 9:40 pm Hi. $ _ S E R V E R [ ' R E Q U E S T _ U R I ' ] ).htaccess tricks and tips. Ricardo Yup.12. i. juicy .04.org/serv/tricks/htaccess.com/anywrongurl htaccess redirects: ErrorDocument 404 http://www.site.17.o) Cor Robert Benson .16. Surojit . that's roughly how to do it (except you don't add ? parmeters to the 404 ErrorDocument command.e.12 9:12 pm In my .

php 18/23 .13. In my . you can achieve this in . What I want to do is block access to all traffic from persons sitting at Government desks using Government computers. These would be domains. Do you mean deny access (to your web site) to people coming from . though it sounds like a lot of fun! As for your . I'm not familiar with the onesy-twosy method. Try it and see.gov sites (referers)? Or deny access (to your web site) to people inside the .04.. hints. So is there a wild card I can use in .htaccess.htaccess tricks and tips.gov ? This would be super helpful to me. like so.gov sites from your own network? Or something else? . YES. g o v HOWEVER..gov .was not clear.gov IP blocks? Or deny access to . tricks. H o s t n a m e L o o k u p sO n but in practice.12 4:47 pm Sorry .htaccess that in one line will exclude all the domains ending in .htaccess file I want to deny access to all domains ending in . I'm assuming. Is this possible? How do I do it? Thank you! I don't follow. juicy . HostnameLookups is somewhat wasteful of server resources. examples. it is theoretically possible to deny access to folk inside those domains. part one: tips. you will need to have host lookups enabled.htaccess information.o) Cor Robert Benson .gov clients. for this to work. corz.25/06/13 . Theoretically. due to the DNS query being performed before each request is processed. you simply use: D e n yf r o m. that will most likely get you a 500 error. again.gov . Thanks. because the onesy-twosy mode is getting tiresome! There is another beer in this for you.org/serv/tricks/htaccess. that end in .

Your php script (most likely used as an "Auto-Prepend") would consult its local black-list before performing lookups.htaccess information. though not beyond the scope of a fairly simple program.gov. you can easily enable this in your main h t t p d . https://explore. though with . though without IP address information. no lookup need be performed.gov/Federal-Government-Financesand-Employment/Federal-Executive-Branch-InternetDomains/k9h8-e98h Clearly. part one: tips. Here's a slightly out-of-date version of that list.18. The advantage of a php-based solution is that you don't need shared server admins to do anything.o) Cor zauber .php 19/23 .org/serv/tricks/htaccess. hints. somewhat like the latest version of Anti-Hammer does for referers. And if you are programming something.. . juicy . etc. translating all that to an IP database would be a huge effort.). tricks.25/06/13 . saving resources and bandwidth.totse2. etc. Just code-andgo! Have fun! .htaccess tricks and tips.gov domains.com/totse/en/hack/understanding_the_internet/governmentowne170262.mil.gov. this would be a huge list. c o n f(or equivalent). you can block the IP ranges associated with these domains. examples.html Here's where to get a current list of all the . http://www. If it's your own server.. this would probably be best handled with php (or similar). doing DNS calls for all inbound requests and creating a black-list of any domains which match your criteria (.10. and if an IP is there. the admins are unlikely to enable it for the above mentioned reason. If it's a shared server.. Failing all that.data.12 12:15 pm can you break up a picture into dots and make it writeable so replce each dot with the original color + some text? corz..

from ABOVE".htaccess is processed before serving the page. hints. Jim . You said: "Save bandwidth with . Just dropping a line being you allow me to! Fantastic site . how? where do find info for such a task? how do i break up a pic into writeable dots + orignal color so when I look at original dots.htaccess tricks and tips... .12. i still see the original picture?? can this be done? how? how hard? what do i need? need to know what? thanks much. examples.php 20/23 . Thanks for using layman's terms for we noobs but I still have a question. I may drop you a line as to a little project which would use corz. Will this work for me? If Yes.htaccess" I have reseller account on Hostgator with .25/06/13 . tricks.12 11:44 pm Hi Corz.10. I was completely blown away at how much effort you have put into this and how open you are with helping others out excellent to see that human beings can still be helpful (my little bit of doubt in mankind creeping in my apologies) I must say I will return and see what else you get up to and I love some of the excellent downloads Anyway Thank you been a pleasure being here and I will be back ! Your Hashing program is what got me here and it is indeed amazingly fast. Fantastic work.htaccess information. part one: tips. juicy .23.htaccess enabled on WordPress blog. where in .12 9:38 pm I read your tutorial 3 times. if you don't mind expanding one of your tips.o) Cor Paul .htaccess do I place your snippet? At the head? Tail? Thanks Wherever you like! The whole .03.org/serv/tricks/htaccess.

Good article. h t a c c e s s-O p t i o n sI n d e x e s When I visit my site through localhost (localhost/app/index. I get the message that /phpscripts/test. . h t a c c e s s-d e n yf r o ma l l f i l e s . juicy .12.php 21/23 .php). really helpful to learn more by oneself! Steve .php is forbidden. but let me get my thoughts together and then compile an email to you rather than here in plan view.02. I do have a question why my application does not apply the rules in the .13 12:20 am Hi. part one: tips. / p h p s c r i p t s . . examples. For example: / a p p / i n c l u d e 1 . However. it displays the web page created by index. h t a c c e s s-d e n yf r o ma l l p h pf i l e i n d e x . I found your article during my search for information.org/serv/tricks/htaccess. your hashing program and would like your advice on it some time. which points to a script named test.12 3:09 pm Thank you for all the examples. I though your article stated that files in /phpscripts would be accessible through the filesystem? Am I missing something? I'm trying to restrict access to PHP files located in /phpscripts folder from corz.25/06/13 .htaccess information.htaccess tricks and tips.11. tricks.php.. p h p . However when I clicked a link on the index page.01. Michael .htaccess as you described them.php located in the folder /phpscripts. hints.

(Sort of like a DOS attack.o) Cor John . I want to setup the structure and . the /include1 folder contains files for PHP functions and other useful PHP code that are 'included' and used by application PHP scripts.until I get a chance to get that up. Any help would be appreciated.02. If it's just a link the user has to click. the version on the page has been superceded with an as yet unavailable beta which has much more functionality .25/06/13 .htaccess to allow the application PHP scripts to use the keyword 'include' to add PHP files from the /include1 directory but PREVENT site visitors from running the /include1 PHP files directly (these files only make sense in the context where they are included)? Any help would be appreciated! It is explained here. feel free to mail me for a copy.htaccess tricks and tips. is it even possible? As far as I know. but be able to run them through the filesystem. I do have a question about the /include1 folder.php located in the folder /phpscripts". How would I do this.php 22/23 . In my setup.o) Cor Steve . you have a problem. visitors to my site. you cannot do this in . When you say.htaccess. hints.02. "points to a script named test.. then everything is working as expected. do you mean it includes it? If so. . But you can do it with anti-hammer. examples.o) Cor corz. .01.) Say a limit of 5 requests within 30 seconds.htaccess information.org/serv/tricks/htaccess.13 9:20 pm Thanks for your prompt reply. .13 7:16 pm Thanks for helping so many of us with great information! I would like to limit the requests for any single page to a set number within a set time from any single requester. Note. tricks. part one: tips.01. juicy .

Chetan Sharma . tricks.13 1:33 pm Thanks buddy. it really helps Automatic Section Links corz..org/serv/tricks/htaccess. examples. hints. juicy .25/06/13 .03.php 23/23 . part one: tips.htaccess information.htaccess tricks and tips.31.