This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
what is .htaccess file in php?
As per my research this file is used for Url rewrites.
It allows you to set or modify per-directory configuration settings without having to change configuration files or restart the server.
.htaccess allows you to micromanage permissions. Apache generally discourages its use unless it's overriding a general behavior since it can be slower (if parent folder does not contain .htaccess, it must then check the parent of parent folder for .htaccess on up to the root folder).
However that doesn't mean it can't be useful, simply that you must be tactful in its usage. Where general apache configuration is to a bulldoser, .htaccess would be to a shovel. Just know when to pick a bulldoser over a shovel and you'll be fine.
A decent article can be found here regarding .htaccess.
Related
I am using Netbeans in Linux environment to develop my project. I have put my .htaccess in Web pages folder in Netbeans. But my .htaccess file is not getting loaded.
Now as suggested in many forums I wanted to change <Directory/> tag in /etc/httpd/conf/httpd.conf file. But There are many such tags. My question is which one I have to edit?
I want this file to affect whole directory. So putting it in web pages folder is ok or not?
It might be a repeat question but I could not find a solution in any forum.
Note: I have tried putting garbage or deny from all in .htacces file it is not getting loaded for sure.
I've been developing a website on a local web server and I'm pretty happy with it. I'm about ready to deploy it but I've been looking at how to limit folder access via htaccess. My concern is I grab some php variables from a document on the web server and I'm worried that by denying htaccess ill also prevent the php file from reading and writing to this document. Is this the case? If so how would I go about setting up a hierarchy in which my php can read and write to my document but people can't access the folder that its in?
.htaccess is a means to configure a server on a per-directory basis.
If you are going to be writing files using PHP, then it is going to be doing so using the file system (unless you are using HTTP PUT or similar, but you'd know if you were), so the server configuration is irrelevant.
Apache will simply forward your requests to the PHP interpreter. Once the request is past Apache, all rewrites/folder restrictions have already been validated, which means PHP never knows about them (and it shouldn't).
Htaccess is a webserver restriction, if you can access the page, then PHP doesn't care if you have it or not, so you can fopen / edit your files from PHP without problems. Of course if you write your file to a (different) directory that is htaccess protected, the user will have to insert the password to read it
Knowing that a deny from all directive will traverse all sub-directories and files below it, and ignoring the obvious caveats of "if you forget" to copy the .htaccess file or if you typo creating an .htaccess file...
Is there a risk in security between storing non-public files outside of the DocumentRoot versus placing an .htaccess file with a deny from all directive in each non-public directory in the DocumentRoot?
There are a few things to consider here:
.htaccess is only going to protect your file from access over the
web. For example, suppose you have a typical FTP server setup with
virtual users who are restricted to the document root. If an
attacker gains access to your FTP server (which is not that
far-fetched given how insecure most FTP configurations are), they
will have access to both the .htaccess file and any of your
protected files that are in the document root.
That was just one example that may not apply to your environment,
but the idea that I'm really trying to get at is that .htaccess
files don't give you that much depth in your security. They protect
you in one context (access over the Internet) but not in others.
Your server administrator has the ability to disable specific .htaccess
directives, to disable certain Apache modules (which your .htaccess file
may use), and even to disable the use of .htaccess files period. If you
don't have control over your Apache configuration (which I'm assuming
is the case since you're choosing to overwrite it with an .htaccess file),
you also don't really have control over whether your .htaccess file is going
to be respected. It really comes down to your relationship with your
host/server administrator and what they decide to allow.
Finally, if the .htaccess file is writable by the user your Apache
server is running as, a determined hacker can modified that file.
Ex. if you're using Wordpress, many popular themes will demand write
access to the .htaccess file so that they can control URL rewriting.
I'd imagine some other Content Management Systems do the same.
With all that said, using an .htaccess file (or directly altering your Apache configuration files) may still be a perfectly valid security measure for you. It depends on what your environment as a whole looks like -- how your server is configured, what you're trying to protect, etc. Hopefully I at least gave you some things to think about.
I'm configuring Apache and the setup documentation has me creating a file in .etc.apache2/sites-availible named after my site (example.com) but doesn't say what type of file this is. I tried to just write it up in TextEdit, but then it saves it as example.com.txt. There is already a default there, but it doesn't seem to have a file type. So how can I may a similar file type to put the virtual host code in?
The extension of the file would not matter. In fact, you can just edit the default file that is already there.
Apache Documentation just recommends you to create a separate file for your domain, sine it is cleaner and easier to maintain.
Once you create that file, and add all the corresponding e.g. vhost configuration, you can run:
sudo a2ensite your_file_name
to tell apache to use your file from now on.
The filetype:
.conf
Put in it all the VirtualHost directives for your domain...
what is htaccess file? how to create and write that? what is the advantage of using htaccess file?
.htaccess files provide a way to make configuration changes on a per-directory basis. See the official Apache documentation for .htaccess files.
.htaccess allows you to override Apache's (and other servers') main configuration file for a particular directory (and all its subdirectories). To use .htaccess you simply create a new file and name it ".htaccess" (yes, the name is very unusual because it actually consist of only a very long file extension), upload it to you server (if you want to affect your entire site than put is in your root folder), and finally add some directives.
If you wand to see what sort of things you can configure with .htaccess check out this very accessible tutorial: 5 most useful applications of the .htaccess file.
For something more comprehensive visit guide .htaccess.
Hope this helps
This is majorly used for configuration on server the generally things involve in usage are following.
-(redirecting server to specific file)
Redirect permanent /index.html (new path)
For more you can refer to http://httpd.apache.org/docs/2.0/howto/htaccess.html#related