FAQ: Comprehensive guide to htaccess

Posted: Wed Jan 18, 2006 3:29 am
by leolam
Comprehensive guide to htaccess (with examples)

Contains examples:

    * preventing directory listing (protect your images/zips etc)
    * redirects (ex. moving Mambo/Joomla to one other directory)
    * prevent hot linking (prevent unpaid and unauthorised linking and stealing)
    * protect the php in a Mambo/Joomla wrapper

For the users of this forum:: This is an extract from a guide that will appear on a site a group of professionals is launching within the next couple of days. The formal announcement will follow soon. The site will provide dedicated and professional support to Joomla! & Mambo users and is the result of certain events on this forum over the past month. Tutorials will be accessible through the specific site and will be posted here as well as pay-back to this community. This is just a tiny little piece of what's coming. Stay tuned!

note: I will not give support on individual htaccess issues on this forum after publishing this guide so please direct them to the right sections in this forum.


Introduction


An htaccess file is a simple ASCII file, such as you would create through a text editor like NotePad or SimpleText. Many people seem to have some confusion over the naming convention for the file, so let me get that out of the way.

      .htaccess is the file extension. It is not file.htaccess or somepage.htaccess, it is simply named .htaccess


In order to create the file, open up a text editor and save an empty page as .htaccess (or type in one character, as some editors will not let you save an empty page). Chances are that your editor will append its default file extension to the name (ex: for Notepad it would call the file .htaccess.txt). You need to remove the .txt (or other) file extension in order to get yourself ‘htaccessing’. You can do this by right clicking on the file and renaming it by removing anything that doesn't say .htaccess. You can also rename it via telnet or your ftp program, and you should be familiar enough with one of those so as not to need explaining. This renaming of the .txt to .htaccess is one of the prerequisites of using SEO/SEF with Joomla/Mambo.

htaccess files must be uploaded as ASCII mode, not BINARY. You need to CHMOD the htaccess file to 644 or (RW-R--R--). This makes the file usable by the server, but prevents it from being read by a browser, which can seriously compromise your security. (For example, if you have password protected directories, if a browser can read the htaccess file, then they can get the location of the authentication file and then reverse engineer the list to get full access to any portion that you previously had protected. There are different ways to prevent this, one being to place all your authentication files above the root directory so that they are not www accessible, and the other is through an htaccess series of commands that prevents itself from being accessed by a browser, more on that later)

Most commands in htaccess are meant to be placed on one line only, so if you use a text editor that uses word-wrap, make sure it is disabled or it might throw in a few characters that annoy Apache to no end, although Apache is typically very forgiving of malformed content in an htaccess file. The best thing to do is use Notepad or Notepad-Pro or Dreamweaver or something equivalent.

        htaccess is an Apache thing, not a WindowsServer/NT thing. There are similar capabilities for W/NT servers, though in our professional experience and personal opinion, W/NT's ability in these areas is severely handicapped. But that's not what we're here for.

htaccess files affect the directory they are placed in and all sub-directories, that is an htaccess file located in your root directory (yoursite.com) would affect yoursite.com/content, yoursite.com/content/contents, etc. It is important to note that this can be prevented (if, for example, you did not want certain htaccess commands to affect a specific directory) by placing a new htaccess file within the directory you don't want affected with certain changes, and removing the specific command(s) from the new htaccess file that you do not want affecting this directory. In short, the nearest htaccess file to the current directory is treated as the htaccess file. If the nearest htaccess file is your global htaccess located in your root, then it affects every single directory in your entire site.

Before you go off and plant htaccess everywhere, read through this and make sure you don't do anything redundant, since it is possible to cause an infinite loop of redirects or errors if you place something weird in the htaccess.

Also...some sites do not allow use of htaccess files, since depending on what they are doing, they can slow down a server overloaded with domains if they are all using htaccess files. I can't stress this enough: You need to make sure you are allowed to use htaccess before you actually use it. Some things that htaccess can do can compromise a server configuration that has been specifically set up by the admin, so don't get in trouble.

Now here are some examples and how-tos:

Preventing Directory listing
Do you have a directory full of images (such as your Joomla/images/Stories-folder) or zips (in your repository-download folder) that you do not want people to be able to browse through? Typically a server is set up to prevent directory listing, but sometimes it is not. If not, become self-sufficient and fix it yourself:

Code:

IndexIgnore *


The * is a wildcard that matches all files, so if you stick that line into an htaccess file in your images directory, nothing in that directory will be allowed to be listed. On the other hand, what if you did want the directory contents to be listed, but only if they were HTML pages and not images?:

Code:

IndexIgnore *.gif *.jpg


This would return a list of all files not ending in .jpg or .gif, but would still list .txt, .html, etc.

Redirects

(for instance your Mambo or Joomla installation from one site/directory to one other)
Ever go through the nightmare of changing significant portions of your site, then having to deal with the problem of people finding their way from the old pages to the new? It happens often when updating, changing hosts, changing to sub-directories etc. It can be nasty. There are different ways of redirecting pages but the most effective way of doing it is through htaccess.

htaccess uses redirect to look for any request for a specific page (or a non-specific location, though this can cause infinite loops) and if it finds that request, it forwards it to a new page you have specified:

Code:

Redirect /olddirectory/oldfile.html http://yoursite.com/newdirectory/newfile.html


Note that there are 3 parts to that, which should all be on one line: the Redirect command, the location of the file/directory you want redirected relative to the root of your site (/olddirectory/oldfile.html = yoursite.com/olddirectory/oldfile.html) and the full URL of the location you want that request sent to. Each of the 3 is separated by a single space, but all on one line. You can also redirect an entire directory by simply using

Code:

Redirect /olddirectory http://yoursite.com/newdirectory/ 

This is extremely useful when you move Mambo or Joomla from one directory to another!


Using this method, you can redirect any number of pages no matter what you do to your directory structure. It is the fastest method that has a global effect.

Preventing hot linking of images and other file types

"Hot linking" is a curse phrase. Also known as "bandwidth stealing" by the angry site owner, it refers to linking directly to non-html objects not on one's own server, such as your carefully designed and paid for Joomla template-logo, stories/images, .js files etc. The victim's server in this case is robbed of bandwidth (and in turn money) as the violator enjoys showing content without having to pay for its deliverance. The most common practice of hot linking pertains to another site's images.

Using .htaccess, you can disallow hot linking on your server, so those attempting to link to an image or CSS file on your site, for example, are either blocked (failed request, such as a broken image) or served different content (ie: an image of an angry man). Note that mod_rewrite needs to be enabled on your server in order for this aspect of .htaccess to work. Ask your web host regarding this.

With all the pieces in place, here's how to disable hot linking of certain file types on your site, in the case below, images, JavaScript (js) and CSS (css) files on your site. Simply add the below code to your .htaccess file, and upload the file either to your root directory, or a particular subdirectory to localize the effect to just one section of your site:

Code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg|js|css)$ - [F]


Be sure to replace "mydomain.com" with your own. The above code creates a failed request when hot linking of the specified file types occurs. In the case of images, a broken image is shown instead.

DO NOT HOTLINK!  IT'S A THEFT!


Prevent direct access to PHP in wrapper
If you would like to provide access to a number of php files via the Joomla/Mambo wrapper menu item you can use some code in the external script:

The following code in .htaccess works to block direct access to the script while not causing any problems with access via the wrapper. It's for a script that exists outside of Joomla and Mambo. Note this is not the "core" .htaccess-file!

RewriteEngine On

RewriteBase /
  # Blocking direct access
  RewriteCond %{HTTP_REFERER} !^http://www.domain.com/.*$ [NC]
  RewriteCond %{HTTP_REFERER} !^http://domain.com/.*$ [NC]
  RewriteCond %{REQUEST_URI} ^.*index\.php$
  RewriteRule .* - [F]


You should also go through the Apache User's Guide: http://httpd.apache.org/docs/  for more detailed information if you are really serious about making your life easier as a webmaster. You don't need to update all 4,000 of the pages on your site individually, by hand, in order to change one file reference!


Assembled & Written by:: Leo Lammerink

Source::
Javascriptkit
Elpie (your highness) – on the Joomla Forum
Gerald UK_Hotmail
Feyd – Mod on JK Forum
JooMa-Desk staff
Mirawati - IndoWebServices
Fujiyati - IndoWebServices
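
Added example, not part of leolam's guide: a small Python model of the hot-link rules above, run against constructed Referer values to show which requests receive the 403. The `TIGHTENED` patterns are an assumed variant (escaped dot, https accepted, case-insensitive extension match), not rules from the guide.

```python
import re

# Constructed requests: (path relative to the .htaccess directory, Referer header)
REQUESTS = [
    ("images/logo.gif", "http://www.mydomain.com/index.php"),   # own page
    ("images/logo.gif", "http://othersite.example/page.html"),  # other site
    ("images/logo.gif", ""),                                    # no Referer sent
    ("images/logo.gif", "https://www.mydomain.com/index.php"),  # own page over https
    ("images/logo.gif", "http://mydomainxcom/page.html"),       # "." matched as any char
    ("images/LOGO.JPG", "http://othersite.example/page.html"),  # upper-case extension
]

# The guide's rules as posted: the site pattern has [NC], the RewriteRule pattern does not.
POSTED = {
    "site": re.compile(r"^http://(www\.)?mydomain.com/.*$", re.I),
    "files": re.compile(r"\.(gif|jpg|js|css)$"),
}
# Assumed tightening (not from the guide): escaped dot, https allowed, [NC] on the rule.
TIGHTENED = {
    "site": re.compile(r"^https?://(www\.)?mydomain\.com/", re.I),
    "files": re.compile(r"\.(gif|jpg|js|css)$", re.I),
}

def is_forbidden(path, referer, rules):
    """Return True when the request would get the [F] (403) response."""
    if not rules["files"].search(path):       # RewriteRule pattern is tested first
        return False
    referer_present = referer != ""            # RewriteCond %{HTTP_REFERER} !^$
    referer_offsite = rules["site"].search(referer) is None  # RewriteCond !^http://...
    return referer_present and referer_offsite  # consecutive RewriteConds are ANDed

def evaluate(rules):
    """Evaluate every constructed request against one rule set."""
    return [is_forbidden(path, ref, rules) for path, ref in REQUESTS]

if __name__ == "__main__":
    for (path, ref), old, new in zip(REQUESTS, evaluate(POSTED), evaluate(TIGHTENED)):
        print(f"{path:18} {ref or '(none)':38} posted={old!s:5} tightened={new}")
```

Both variants let requests with no Referer through because of the `!^$` condition, so the rule limits casual embedding rather than acting as access control.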

Re: Comprehensive guide to htaccess

Posted: Wed Jan 18, 2006 9:06 am
by brad
Great post.

Mod note: moving to FAQ forum and editing title.

Thanks Leo

Re: FAQ: Comprehensive guide to htaccess

Posted: Mon Feb 13, 2006 4:12 pm
by kai920
I'm trying to remove the SMF bridge - Is there a way to use .htaccess to automatically rename:

1. http://www.kaitech.hk/index.php?option= ... opic=385.0 OR
2. http://www.kaitech.hk/component/option, ... opic,385.0 (SEF enabled)

to http://www.kaitech.hk/forums/index.php?topic=385.0 ???

Re: FAQ: Comprehensive guide to htaccess

Posted: Wed Feb 15, 2006 1:55 am
by leolam
kai920 wrote:I'm trying to remove the SMF bridge - Is there a way to use .htaccess to automatically rename:

1. http://www.kaitech.hk/index.php?option= ... opic=385.0 OR
2. http://www.kaitech.hk/component/option, ... opic,385.0 (SEF enabled)

to http://www.kaitech.hk/forums/index.php?topic=385.0 ???


sorry mate, did miss the email.. normally i react very fast on every mail directed to me.
This is described in one of the examples in the Apache documentation

Luck
Leo

Re: FAQ: Comprehensive guide to htaccess

Posted: Wed Feb 15, 2006 3:38 am
by kai920
thx for reply, Leo. been trying to tinker it for the past hour, starting from a very simple redirect, from http://www.kaitech.hk/component/option, ... /Itemid,71 to
http://www.kaitech.hk/forums/index.php

but not much luck  :-\

Here is my htaccess: (I currently have SEF enabled)

Code:

##
# @version $Id: htaccess.txt 423 2005-10-09 18:23:50Z stingrey $
# @package Joomla
# @copyright Copyright (C) 2005 Open Source Matters. All rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##

#
#  mod_rewrite in use
#

RewriteEngine On

#  Uncomment following line if your webserver's URL
#  is not directly related to physical file paths.
#  Update YourJoomlaDirectory (just / for root)

# RewriteBase /YourJoomlaDirectory

#
#  Rules
#

RewriteCond %{HTTP_HOST} ^kaitech.hk$
RewriteRule ^(.*)$ http://www.kaitech.hk/$1 [R=301,L]
ReWriteRule ^/component/option,com_smf/Itemid,71/ /forums/index.php
RewriteRule ^/index.php?option=com_smf&Itemid=71& /forums/index.php
RewriteCond %{REQUEST_FILENAME} !\.(jpg|jpeg|gif|png|css|js|pl|txt)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) index.php

Re: FAQ: Comprehensive guide to htaccess

Posted: Wed Feb 15, 2006 8:35 am
by leolam
kai920 wrote:but not much luck  :-\


Good to see that you are really trying and not asking immediately all for help. That's cool!  8)

Now here is an answer that might surprise you. I would never do that in htaccess so I am not going to give you some code here on this issue. You want to create nice and clean SEF's and we have fantastic products for that freely available. If you use for instance Open-Sef, a product created by Predator amongst others (Marko Smuck = core-member) you can make any link to your liking. We use that since the latest version all every site we own and make. It is simply a fantastic SEF-product and extremely simple and user friendly. Here is what you could create for instance looking what you want (3 minutes after installation it runs like that!) From::
http://www.kaitech.hk/index.php?option=com_smf&Itemid=71&topic=385.0
TO
http://www.kaitech.hk/forum.html
OR  FROM (had a short look at your site)
http://www.kaitech.hk/component/option,com_zoom/Itemid,64/
TO
http://www.kaitech.hk/shopping-paradise.html
  ;) (favorite place of my wife.....)

again...5 minutes without "polluting" your htaccess. Just remember what will happen if your ISP changes its rewrite rules in Apache....Bye bye links & you can start all-over! So be clever and use the component from Open-Sef to do what you want to achieve!

Regards and Luck!
Leo

Re: FAQ: Comprehensive guide to htaccess

Posted: Wed Feb 15, 2006 9:31 am
by kai920
Thanks leo for your well thought-out and lengthy explanations!  :-*

I've heard a lot of good things about Open-SEF, but may I say that SEF is not really what I'm after in this case?  You see, I'm currently running a Joomla-SMF bridge (com_smf) and my goal is to completely disengage from the use of this component -- as if it was never put into use on my site.  However, once I uninstall the com_smf component, the links which have previously been posted to other boards around the net will no longer work.

Therefore I was hoping there would be some clever way for an incoming link (for example, http://www.kaitech.hk/index.php?option= ... opic=385.0) to automatically resolve to its SMF equivalent.  In this case, the SMF-equivalent URL to the above is http://www.kaitech.hk/forums/index.php?topic=385.0 .

Is what I am seeking possible via .htaccess?

Re: FAQ: Comprehensive guide to htaccess

Posted: Wed Feb 15, 2006 10:00 am
by leolam
kai920 wrote:Thanks leo for your well thought-out and lengthy explanations!  :-*

I've heard a lot of good things about Open-SEF, but may I say that SEF is not really what I'm after in this case?  You see, I'm currently running a Joomla-SMF bridge (com_smf) and my goal is to completely disengage from the use of this component -- as if it was never put into use on my site.  However, once I uninstall the com_smf component, the links which have previously been posted to other boards around the net will no longer work.

Therefore I was hoping there would be some clever way for an incoming link (for example, http://www.kaitech.hk/index.php?option= ... opic=385.0) to automatically resolve to its SMF equivalent.  In this case, the SMF-equivalent URL to the above is http://www.kaitech.hk/forums/index.php?topic=385.0 .

Is what I am seeking possible via .htaccess?
:-[ from the kiss

I think you have to look into the redirect rule of the manual if my understanding of what you want is right.

Luck

Re: FAQ: Comprehensive guide to htaccess

Posted: Wed Feb 15, 2006 2:49 pm
by leolam
kai920 wrote:Thanks leo for your well thought-out and lengthy explanations!  :-*

Is what I am seeking possible via .htaccess?


Yes, but you need to read again... :P
http://forum.joomla.org/index.php/topic,31813.0.html

GRAM pays special attention to SMF...Should be helpful!

Leo

Re: FAQ: Comprehensive guide to htaccess

Posted: Thu Feb 16, 2006 3:47 am
by kai920
With help from a wonderfully helpful gent "cor" , this is the code in .htaccess that converts http://www.kaitech.hk/index.php?option= ... opic=385.0 to http://www.kaitech.hk/forums/index.php? ... 5.0.  Next up: how to convert the SEF-equivalent - http://www.kaitech.hk/component/option, ... ic,385.0...

Code:

RewriteCond %{QUERY_STRING} ^option=com_smf [nc] 
RewriteCond %{QUERY_STRING} Itemid=71 [nc]
RewriteCond %{QUERY_STRING} topic=(.+) [nc]
RewriteRule ^index.php /forums/index.php?topic=%1 [r,l,nc]


Finally, what to do if there is no topic loaded, ie. http://www.kaitech.hk/index.php?option= ... temid=71...

Will update here once I find out...

Re: FAQ: Comprehensive guide to htaccess

Posted: Tue Jan 22, 2008 12:52 am
by casau
How can I modify the following to reflect a perl script I have in mydomain.com/cgi-bin/perlscript.pl


RewriteEngine On

RewriteBase /
  # Blocking direct access
  RewriteCond %{HTTP_REFERER} !^http://www.domain.com/.*$ [NC]
  RewriteCond %{HTTP_REFERER} !^http://domain.com/.*$ [NC]
  RewriteCond %{REQUEST_URI} ^.*index\.php$
  RewriteRule .* - [F]