.htaccess
m (Reverted edits by DavidYoung (talk) to last revision by 200.38.30.168) |
|||
| (6 intermediate revisions by 4 users not shown) | |||
| Line 7: | Line 7: | ||
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} | RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} | ||
| − | Or if you want to block off a pesky spammer-ridden IP block: | + | Or if you want to block off a pesky spammer-ridden IP block from posting things to a blog or wiki, while still allowing people on that block to READ the blog or wiki or what have you: |
| + | AuthName "Anti-Spam Protection" | ||
| + | AuthType Basic | ||
| + | <Limit PUT POST> | ||
| + | order allow,deny | ||
| + | allow from all | ||
| + | |||
# CHINANET telcom - 2006-03-02 | # CHINANET telcom - 2006-03-02 | ||
deny from 212.0.0.0/8 | deny from 212.0.0.0/8 | ||
| Line 15: | Line 21: | ||
deny from 221.0.0.0/8 | deny from 221.0.0.0/8 | ||
deny from 61.144.0.0/14 | deny from 61.144.0.0/14 | ||
| + | </Limit> | ||
Note that comments - prefaced by # signs - ARE allowed in .htaccess files. Use this to your advantage! | Note that comments - prefaced by # signs - ARE allowed in .htaccess files. Use this to your advantage! | ||
| + | |||
| + | What if you want to require a password for a certain directory? | ||
| + | |||
| + | # require a username and password to get into this lightly secured area | ||
| + | AuthType Basic | ||
| + | # note: it's safest to keep the password file OUTSIDE the webroot! | ||
| + | AuthUserFile ../.htpasswd | ||
| + | AuthName "JRS Systems Personnel Only" | ||
| + | require valid-user | ||
| + | satisfy any | ||
| + | |||
| + | Of course, this requires you to actually have a [[.htpasswd]] file in the appropriate location - you can use the [[htpasswd]] utility to create one for you. | ||
[[Category:Important Config Files]] | [[Category:Important Config Files]] | ||
Latest revision as of 16:30, 25 August 2012
You can place a .htaccess file in a directory serviced by apache to override server default behaviors without needing to alter httpd.conf or even to restart Apache - assuming, of course, that the directory in question has been allowed override privileges for the things you want to do!
For example, assuming mod_rewrite is installed and available in Apache, you can do the following in the .htaccess file in the root of a site to redirect an insecure http request to the same site via secure https:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Or if you want to block off a pesky spammer-ridden IP block from posting things to a blog or wiki, while still allowing people on that block to READ the blog or wiki or what have you:
AuthName "Anti-Spam Protection" AuthType Basic <Limit PUT POST> order allow,deny allow from all # CHINANET telcom - 2006-03-02 deny from 212.0.0.0/8 deny from 216.0.0.0/8 deny from 218.0.0.0/8 deny from 221.0.0.0/8 deny from 61.144.0.0/14 </Limit>
Note that comments - prefaced by # signs - ARE allowed in .htaccess files. Use this to your advantage!
What if you want to require a password for a certain directory?
# require a username and password to get into this lightly secured area AuthType Basic # note: it's safest to keep the password file OUTSIDE the webroot! AuthUserFile ../.htpasswd AuthName "JRS Systems Personnel Only" require valid-user satisfy any
Of course, this requires you to actually have a .htpasswd file in the appropriate location - you can use the htpasswd utility to create one for you.
