Main Menu

browser lang:en

Users Area

today cache size is:222615

rss 2.0 for all sections

Portfolio

Some of my projects:
CTIBA
MA-NO Web Agency
BluPool
L'Pratone
Travel in Hotel
Yacht Elements
AbruzzoWeb
Il Mastino
CSI Teramo
Innovazione S.p.a.

Comments

John
24/07/2010 by John
better
16/04/2010 by bob
attached files not working !
05/11/2009 by Adnan
Tuvok
14/02/2009 by
Nice script
07/02/2009 by desaj
Other solutions
07/02/2009 by Mike
well
06/02/2009 by holy
Theif
06/02/2009 by

RAPIDQ

Rapid-Q:The lost files
My old library where i have collected all the rapidq scripts and italian help

Today my pagerank is:

Apache - .htaccess

.htaccess file is the configuration file for the Apache Web Server that provides a number of directives for configuring Apache and Apache Modules

If you look around the site you’ll notice .htaccess tricks that nobody else has, .htaccess tricks that push the limits. This isn’t an introduction to .htaccess, this is the evolution of .htaccess files for your website.

Htaccess Guide Intro

.htaccess files are similar to httpd.conf the main server configuration file, but htaccess is allowed anywhere and is used to control the directory (recursively) they are placed in. Many web hosts allow .htaccess (DreamHost, Powweb, MediaTemple) files for their webhosting customers but don’t make them a selling point or explain how to use the .htaccess file since so few people have heard of it.

Intended Audience: Elite: Web developers, Server administrators, hosting provider techs, students, and anyone else curious about .htaccess: the best subject to learn for a website owner.

Originally this page was known as the “Ultimate .htaccess Guide” but I’ve been regularly adding new .htaccess tricks and .htaccess examples for several years. I also add my favorite .htacess tutorials, .htaccess tricks published elsewhere, results from some my .htaccess experiments and basically try to continually improve this article! The reason is because various Web Hosting companies Support Staff send customers here, Higher-Education Institutions/Profs bring students here, but the main reason to create the best .htaccess resource on the Net is because I’m sorta obsessed with finding the coolest htaccess tricks, and I’ve got some cool ones I promise you that!

The .htaccess file is an incredibly useful powerful tool that WILL make your life so much easier if you learn to use it. I learn about .htaccess by reading the Apache HTTP Server Source Code, including all the various module source (like mod_rewrite) and then doing my own hacking/research which I sometimes publish. I chose the name AskApache because of that very reason, and from respect for the ASF Contributors and Developers, well-known world-wide for their superior programming skills and inexhaustible dedication to keeping it all free… Here’s what they say (minus the bold, mine):

Best .htaccess Articles

Note: The .htaccess example code included on this page is just a small taste of the article they reference.

.htaccess for Webmasters

Redirect Everyone Except IP address to alternate page

ErrorDocument 403 http://www.yahoo.com/
Order deny,allow
Deny from all
Allow from 208.113.134.190

When developing sites

This lets google crawl the page, lets me access without a password, and lets my client access the page WITH a password. It also allows for XHTML and CSS validation! (w3.org)

AuthName "Under Development"
AuthUserFile /home/sitename.com/.htpasswd
AuthType basic
Require valid-user
Order deny,allow
Deny from all
Allow from 208.113.134.190 w3.org htmlhelp.com googlebot.com
Satisfy Any

Fix double-login prompt

Redirect non-https requests to https server and ensure that .htpasswd authorization can only be entered across HTTPS

SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "askapache.com"
ErrorDocument 403 https://askapache.com

Set Timezone of the Server (GMT)

SetEnv TZ America/Indianapolis

Administrator Email for ErrorDocument

SetEnv SERVER_ADMIN webmaster@google.com

`ServerSignature` for `ErrorDocument`

ServerSignature off | on | email

Charset and Language headers

Article: Setting Charset in htaccess, and article by Richard Ishida

AddDefaultCharset UTF-8
DefaultLanguage en-US

Disallow Script Execution

Options -ExecCGI
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi

Deny Request Methods

RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|OPTIONS|POST|PUT)
RewriteRule .* - [F]

Force “File Save As” Prompt

AddType application/octet-stream .avi .mpg .mov .pdf .xls .mp4

Show CGI Source Code

RemoveHandler cgi-script .pl .py .cgi
AddType text/plain .pl .py .cgi

Mod_Rewrite URL Rewriting

Undocumented techniques and methods will allow you to utilize mod_rewrite at an “expert level” by showing you how to unlock its secrets.

Rewrite to www

RewriteCond %{REQUEST_URI} !^/(robots\.txt|favicon\.ico|sitemap\.xml)$
RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC]
RewriteRule ^(.*)$ http://www.askapache.com/$1 [R=301,L]

Rewrite to www dynamically

RewriteCond %{REQUEST_URI} !^/robots\.txt$ [NC]
RewriteCond %{HTTP_HOST} !^www\.[a-z-]+\.[a-z]{2,6} [NC]
RewriteCond %{HTTP_HOST} ([a-z-]+\.[a-z]{2,6})$     [NC]
RewriteRule ^/(.*)$ http://%1/$1 [R=301,L]

Apache HTTP Project FAQ Why is mod_rewrite so difficult to learn and seems so complicated?
Hmmm… there are a lot of reasons. First, mod_rewrite itself is a powerful module which can help you in really all aspects of URL rewriting, so it can be no trivial module per definition. To accomplish its hard job it uses software leverage and makes use of a powerful regular expression library by Henry Spencer which is an integral part of Apache since its version 1.2. And regular expressions itself can be difficult to newbies, while providing the most flexible power to the advanced hacker.

301 Redirects without mod_rewrite

301 Redirect Old File

Redirect 301 /old/file.html http://www.askapache.com/new/file.html

301 Redirect Entire Directory

RedirectMatch 301 /blog(.*) http://www.askapache.com/$1

Secure PHP with .htaccess

If you have a php.cgi or php.ini file in your /cgi-bin/ directory or other pub directory, try requesting them from your web browser. If your php.ini shows up or worse you are able to execute your php cgi, you’ll need to secure it ASAP. This shows several ways to secure these files, and other interpreters like perl, fastCGI, bash, csh, etc.

Protecting your php.cgi

<FilesMatch "^php5?\.(ini|cgi)$">
Order Deny,Allow
Deny from All
Allow from env=REDIRECT_STATUS
</FilesMatch>

.htaccess Cookie Manipulation

Fresh .htaccess code for you! Check out the Cookie Manipulation and environment variable usage with mod_rewrite! I also included a couple Mod_Security .htaccess examples. Enjoy!

Set Cookie based on Request

This code sends the Set-Cookie header to create a cookie on the client with the value of a matching item in 2nd parantheses.

RewriteEngine On
RewriteBase /
RewriteRule ^(.*)(de|es|fr|it|ja|ru|en)/$ - [co=lang:$2:.askapache.com:7200:/]

Set Cookie with env variable

Header set Set-Cookie "language=%{lang}e; path=/;" env=lang

.htaccess Caching

Implementing a Caching Scheme with .htaccess

# year
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf|mp3|mp4)$">
Header set Cache-Control "public"
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"
Header unset Last-Modified
</FilesMatch>
 
#2 hours
<FilesMatch "\.(html|htm|xml|txt|xsl)$">
Header set Cache-Control "max-age=7200, must-revalidate"
</FilesMatch>
 
<FilesMatch "\.(js|css)$">
SetOutputFilter DEFLATE
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"
</FilesMatch>

Password Protection and Authentication

Password Protect single file

<Files login.php>
   AuthName "Prompt"
   AuthType Basic
   AuthUserFile /home/askapache.com/.htpasswd
   Require valid-user
</Files>

Password Protect multiple files

<FilesMatch "^(private|phpinfo)\.*$">
   AuthName "Development"
   AuthUserFile /.htpasswd
   AuthType basic
   Require valid-user
</FilesMatch>

Control HTTP Headers

Send Custom Headers

Header set P3P "policyref=\"http://www.askapache.com/w3c/p3p.xml\""
Header set X-Pingback "http://www.askapache.com/xmlrpc.php"
Header set Content-Language "en-US"
Header set Vary "Accept-Encoding"

Blocking Spam and bad Bots

Want to block a bad robot or web scraper using .htaccess files? Here are 2 methods that illustrate blocking 436 various user-agents. You can block them using either SetEnvIf methods, or by using Rewrite Blocks.

Blocking based on User-Agent Header

SetEnvIfNoCase ^User-Agent$ .*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures) HTTP_SAFE_BADBOT
SetEnvIfNoCase ^User-Agent$ .*(libwww-perl|aesop_com_spiderman) HTTP_SAFE_BADBOT
Deny from env=HTTP_SAFE_BADBOT

Blocking with RewriteCond

RewriteCond %{HTTP_USER_AGENT} ^.*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures).*$ [NC]
RewriteRule . - [F,L]

PHP htaccess tips

By using some cool .htaccess tricks we can control PHP to be run as a cgi or a module. If php is run as a cgi then we need to compile it ourselves or use .htaccess to force php to use a local php.ini file. If it is running as a module then we can use various directives supplied by that modules in .htaccess

.htaccess for mod_php

SetEnv PHPRC /location/todir/containing/phpinifile

.htaccess for php as cgi

AddHandler php-cgi .php .htm
Action php-cgi /cgi-bin/php5.cgi

Shell wrapper for custom php.ini

#!/bin/sh
export PHP_FCGI_CHILDREN=3
exec php5.cgi -c /abs/php5/php.ini

HTTP to HTTPS Redirects with mod_rewrite

This is freaking sweet if you use SSL I promise you! Basically instead of having to check for HTTPS using a RewriteCond %{HTTPS} =on for every redirect that can be either HTTP or HTTPS, I set an environment variable once with the value “http” or “https” if HTTP or HTTPS is being used for that request, and use that env variable in the RewriteRule.

SSL in .htaccess

SetEnvIf and SetEnvIfNoCase in .htaccess

Add values from HTTP Headers

SetEnvIfNoCase ^If-Modified-Since$ "(.+)" HTTP_IF_MODIFIED_SINCE=$1
SetEnvIfNoCase ^If-None-Match$ "(.+)" HTTP_IF_NONE_MATCH=$1
SetEnvIfNoCase ^Cache-Control$ "(.+)" HTTP_CACHE_CONTROL=$1
SetEnvIfNoCase ^Connection$ "(.+)" HTTP_CONNECTION=$1
SetEnvIfNoCase ^Keep-Alive$ "(.+)" HTTP_KEEP_ALIVE=$1
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
SetEnvIfNoCase ^Cookie$ "(.+)" HTTP_MY_COOKIE=$1

Site Security with .htaccess

chmod .htpasswd files 640, chmod .htaccess 644, php files 600, and chmod files that you really dont want people to see as 400. (NEVER chmod 777, try 766)

Stop hotlinking

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?askapache.com/.*$ [NC]
RewriteRule \.(gif|jpg|swf|flv|png)$ http://www.askapache.com/feed.gif [R=302,L]

ErrorDocuments

See all 57 .htaccess ErrorDocuments

ErrorDocument 400 /htaccess/400_BAD_REQUEST.html
ErrorDocument 401 /htaccess/401_UNAUTHORIZED.html
ErrorDocument 403 /htaccess/403_FORBIDDEN.html
ErrorDocument 404 /htccess/index.php?error=404
ErrorDocument 502 /htaccess/502_BAD_GATEWAY.html
ErrorDocument 503 /htaccess/503_SERVICE_UNAVAILABLE.html

.htaccess Security with MOD_SECURITY

Turn logging off for IP

SecFilterSelective REMOTE_ADDR "208\.113\.183\.103" "nolog,noauditlog,pass"

Turn logging on for IP

SecFilterSelective REMOTE_ADDR “!^208\.113\.183\.103″ “nolog,noauditlog,pass”
SecFilterSelective REMOTE_ADDR “208\.113\.183\.103″ “log,auditlog,pass”

Core .htaccess Directives

Here’s how to find the directives available in the core of apache httpd that you can use in your .htaccess file. You can find out what your httpd allows if you can access the httpd binary from a shell by typing the following command from a shell.

./httpd -L|grep -B 2 "htaccess"|grep -v '-'

.htaccess Commands

Files: Container for directives affecting files matching specified patterns
Limit: Container for authentication directives when accessed using specified HTTP methods
LimitExcept: Container for authentication directives to be applied when any HTTP method other than those specified is used to access the resource
IfModule: Container for directives based on existance of specified modules
IfDefine: Container for directives based on existance of command line defines
FilesMatch: Container for directives affecting files matching specified patterns
AuthType: An HTTP authorization type (e.g., “Basic”)
AuthName: The authentication realm (e.g. “Members Only”)
Require: Selects which authenticated users or groups may access a protected space
Satisfy: access policy if both allow and require used (’all’ or ‘any’)
AddDefaultCharset: The name of the default charset to add to any Content-Type without one or ‘Off’ to disable
AcceptPathInfo: Set to on or off for PATH_INFO to be accepted by handlers, or default for the per-handler preference when AllowOverride includes FileInfo
ErrorDocument: Change responses for HTTP errors
Options: Set a number of attributes for a given directory
DefaultType: the default MIME type for untypable files
FileETag: Specify components used to construct a file’s ETag
ServerSignature: En-/disable server signature (on|off|email)
ContentDigest: whether or not to send a Content-MD5 header with each request
LimitRequestBody: Limit (in bytes) on maximum size of request message body
LimitXMLRequestBody: Limit (in bytes) on maximum size of an XML-based request body
ForceType: a mime type that overrides other configured type
SetHandler: a handler name that overrides any other configured handler
SetOutputFilter: filter (or ; delimited list of filters) to be run on the request content
SetInputFilter: filter (or ; delimited list of filters) to be run on the request body
AddOutputFilterByType: output filter name followed by one or more content-types

Module Directives

Here are just a few of the modules that come with Apache. Each one can have new commands for use in .htaccess file scopes.

mod_actions.c, mod_alias.c, mod_asis.c, mod_auth_basic.c, mod_auth_digest.c, mod_authn_anon.c, mod_authn_dbd.c, mod_authn_dbm.c, mod_authn_default.c, mod_authn_file.c, mod_authz_dbm.c, mod_authz_default.c, mod_authz_groupfile.c, mod_authz_host.c, mod_authz_owner.c, mod_authz_user.c, mod_autoindex.c, mod_cache.c, mod_cern_meta.c, mod_cgi.c, mod_dav.c, mod_dav_fs.c, mod_dbd.c, mod_deflate.c, mod_dir.c, mod_disk_cache.c, mod_dumpio.c, mod_env.c, mod_expires.c, mod_ext_filter.c, mod_file_cache.c, mod_filter.c, mod_headers.c, mod_ident.c, mod_imagemap.c, mod_include.c, mod_info.c, mod_log_config.c, mod_log_forensic.c, mod_logio.c, mod_mem_cache.c, mod_mime.c, mod_mime_magic.c, mod_negotiation.c, mod_proxy.c, mod_proxy_ajp.c, mod_proxy_balancer.c, mod_proxy_connect.c, mod_proxy_ftp.c, mod_proxy_http.c, mod_rewrite.c, mod_setenvif.c, mod_speling.c, mod_ssl.c, mod_status.c, mod_substitute.c, mod_unique_id.c, mod_userdir.c, mod_usertrack.c, mod_version.c, mod_vhost_alias.c

Directives Allowed in .htaccess

<Directory
<DirectoryMatch
<Files
<FilesMatch
<IfDefine
<IfVersion
<IfModule
<Limit
<LimitExcept
<Location
<LocationMatch
<Proxy
<ProxyMatch
<VirtualHost
AcceptMutex
AcceptPathInfo
AccessFileName
Action
AddCharset
AddDefaultCharset
AddDescription
AddEncoding
AddHandler
AddInputFilter
AddLanguage
AddOutputFilter
AddOutputFilterByType
AddType
Alias
AliasMatch
AllowCONNECT
AllowOverride
Anonymous
Anonymous_Authoritative
Anonymous_LogEmail
Anonymous_MustGiveEmail
Anonymous_NoUserId
Anonymous_VerifyEmail
AuthAuthoritative
AuthDBMAuthoritative
AuthDBMGroupFile
AuthDBMType
AuthDBMUserFile
AuthDigestAlgorithm
AuthDigestDomain
AuthDigestFile
AuthDigestGroupFile
AuthDigestNcCheck
AuthDigestNonceFormat
AuthDigestNonceLifetime
AuthDigestQop
AuthDigestShmemSize
AuthGroupFile
AuthName
AuthType
AuthUserFile
BS2000Account
BrowserMatch
BrowserMatchNoCase
CacheNegotiatedDocs
CharsetDefault
CharsetOptions
CharsetSourceEnc
CheckSpelling
ContentDigest
CookieDomain
CookieExpires
CookieName
CookieStyle
CookieTracking
CoreDumpDirectory
DAV
DAVDepthInfinity
DAVMinTimeout
DefaultIcon
DefaultLanguage
DefaultType
DocumentRoot
ErrorDocument
ErrorLog
ExtFilterDefine
ExtFilterOptions
FancyIndexing
FileETag
ForceLanguagePriority
ForceType
GprofDir
Header
HeaderName
HostnameLookups
IdentityCheck
ImapBase
ImapDefault
ImapMenu
Include
IndexIgnore
LanguagePriority
LimitRequestBody
LimitRequestFields
LimitRequestFieldsize
LimitRequestLine
LimitXMLRequestBody
LockFile
LogLevel
MaxRequestsPerChild
MultiviewsMatch
NameVirtualHost
NoProxy
Options
PassEnv
PidFile
Port
ProxyBlock
ProxyDomain
ProxyErrorOverride
ProxyIOBufferSize
ProxyMaxForwards
ProxyPass
ProxyPassReverse
ProxyPreserveHost
ProxyReceiveBufferSize
ProxyRemote
ProxyRemoteMatch
ProxyRequests
ProxyTimeout
ProxyVia
RLimitCPU
RLimitMEM
RLimitNPROC
ReadmeName
Redirect
RedirectMatch
RedirectPermanent
RedirectTemp
RemoveCharset
RemoveEncoding
RemoveHandler
RemoveInputFilter
RemoveLanguage
RemoveOutputFilter
RemoveType
RequestHeader
Require
RewriteCond
RewriteRule
SSIEndTag
SSIErrorMsg
SSIStartTag
SSITimeFormat
SSIUndefinedEcho
Satisfy
ScoreBoardFile
Script
ScriptAlias
ScriptAliasMatch
ScriptInterpreterSource
ServerAdmin
ServerAlias
ServerName
ServerPath
ServerRoot
ServerSignature
ServerTokens
SetEnv
SetEnvIf
SetEnvIfNoCase
SetHandler
SetInputFilter
SetOutputFilter
Timeout
TypesConfig
UnsetEnv
UseCanonicalName
XBitHack
allow
deny
order
CGIMapExtension
EnableMMAP
ISAPIAppendLogToErrors
ISAPIAppendLogToQuery
ISAPICacheFile
ISAPIFakeAsync
ISAPILogNotSupported
ISAPIReadAheadBuffer
SSLLog
SSLLogLevel
MaxMemFree
ModMimeUsePathInfo
EnableSendfile
ProxyBadHeader
AllowEncodedSlashes
LimitInternalRecursion
EnableExceptionHook
TraceEnable
ProxyFtpDirCharset
AuthBasicAuthoritative
AuthBasicProvider
AuthDefaultAuthoritative
AuthDigestProvider
AuthLDAPAuthzEnabled
AuthLDAPBindDN
AuthLDAPBindPassword
AuthLDAPCharsetConfig
AuthLDAPCompareDNOnServer
AuthLDAPDereferenceAliases
AuthLDAPGroupAttribute
AuthLDAPGroupAttributeIsDN
AuthLDAPRemoteUserIsDN
AuthLDAPURL
AuthzDBMAuthoritative
AuthzDBMType
AuthzDefaultAuthoritative
AuthzGroupFileAuthoritative
AuthzLDAPAuthoritative
AuthzOwnerAuthoritative
AuthzUserAuthoritative
BalancerMember
DAVGenericLockDB
FilterChain
FilterDeclare
FilterProtocol
FilterProvider
FilterTrace
IdentityCheckTimeout
IndexStyleSheet
ProxyPassReverseCookieDomain
ProxyPassReverseCookiePath
ProxySet
ProxyStatus
ThreadStackSize
AcceptFilter
Protocol
AuthDBDUserPWQuery
AuthDBDUserRealmQuery
UseCanonicalPhysicalPort
CheckCaseOnly
AuthLDAPRemoteUserAttribute
ProxyPassMatch
SSIAccessEnable
Substitute
ProxyPassInterpolateEnv

How to configure MX records for incoming SMTP e-mail traffic

When you want to run your own mail server, and it does not matter what version and make of mail server you're using - as long as the mail…

27/03/2010 - by admin - 0 comments

Enabling mod_rewrite in xampp and windows

Below I will quickly and easily show you how to enable Apache's mod_rewrite in XAMPP Windows. If you are unclear on what mod_rewrite is, it basically takes a long query…

08/07/2009 - by admin - 0 comments