question about htaccess file - .htaccess

what is htaccess file? how to create and write that? what is the advantage of using htaccess file?

.htaccess files provide a way to make configuration changes on a per-directory basis. See the official Apache documentation for .htaccess files.

.htaccess allows you to override Apache's (and other servers') main configuration file for a particular directory (and all its subdirectories). To use .htaccess you simply create a new file and name it ".htaccess" (yes, the name is very unusual because it actually consist of only a very long file extension), upload it to you server (if you want to affect your entire site than put is in your root folder), and finally add some directives.
If you wand to see what sort of things you can configure with .htaccess check out this very accessible tutorial: 5 most useful applications of the .htaccess file.
For something more comprehensive visit guide .htaccess.
Hope this helps

This is majorly used for configuration on server the generally things involve in usage are following.
-(redirecting server to specific file)
Redirect permanent /index.html (new path)
For more you can refer to http://httpd.apache.org/docs/2.0/howto/htaccess.html#related

Related

Redirect issue with cake php and html folder

I have a website in cake php host on a domain root(www.example.com/) directory it work fine. Now the issue is i placed a html template on www.exapmle.com/html but when i open this in browser it rdirect to website means www.example.com and seen cake php website.
One thing that is asked quite a lot on #cakephp is how to use other apps alongside CakePHP, and the answer giving is normally pretty ugly. Stick the files/folders in side webroot/. Although that does work, its not very nice. So ill show you a little trick with .htaccess files.
The first (really simple way) is to use a .htaccess inside the sub folder. For example you can have a copy of Joomla! running alongside cake with no issues when you have the .htaccess for Joomla! enabled. If the app does not have one and/or you would not know what to put in the .htaccess file you have another option
Make Apache stop processing rewrites if it finds a request for your sub directory. This is done by adding a rule for the sub directory and then telling Apache it is the last rule to process. The .htaccess file you want to edit is the one found inside your APP directory. All you want to add is the following line:
You can do this for as many sub folders as you wish, by changing the regex accordingly. Its pretty simple to do and a much cleaner way than having all your stuff inside the webroot/ folder of your APP.
Source : http://goo.gl/kOEZ9Y

How to hide directory listing of my website (a shared hosting)?

I'm trying to hide the directory listing of my website.
I'm currently working on a website hosted by 'hostinger'.
I know that i should change something in an apache-related file, but they(hostinger) say that
i cannot change that. cuz im using a 'shared' hosting service.
so the only way is to add some code in an .htaccess file.
RewriteEngine On
Options -Indexes
this is my current situation in my .htaccess file.
i've googled the info on how to do it, but it keeps listing my directory.
is there any way that i can prevent it?
or is it just impossible to accomplish with a shared hosting service?
Try this , prevent or allow the server to display the index of the files in the folders of your web server.
You can put a .htaccess file in each of your directory with this code
Options All -Indexes

Is there a security difference between storing files outside of the DocumentRoot versus "deny from all" htaccess directives?

Knowing that a deny from all directive will traverse all sub-directories and files below it, and ignoring the obvious caveats of "if you forget" to copy the .htaccess file or if you typo creating an .htaccess file...
Is there a risk in security between storing non-public files outside of the DocumentRoot versus placing an .htaccess file with a deny from all directive in each non-public directory in the DocumentRoot?
There are a few things to consider here:
.htaccess is only going to protect your file from access over the
web. For example, suppose you have a typical FTP server setup with
virtual users who are restricted to the document root. If an
attacker gains access to your FTP server (which is not that
far-fetched given how insecure most FTP configurations are), they
will have access to both the .htaccess file and any of your
protected files that are in the document root.
That was just one example that may not apply to your environment,
but the idea that I'm really trying to get at is that .htaccess
files don't give you that much depth in your security. They protect
you in one context (access over the Internet) but not in others.
Your server administrator has the ability to disable specific .htaccess
directives, to disable certain Apache modules (which your .htaccess file
may use), and even to disable the use of .htaccess files period. If you
don't have control over your Apache configuration (which I'm assuming
is the case since you're choosing to overwrite it with an .htaccess file),
you also don't really have control over whether your .htaccess file is going
to be respected. It really comes down to your relationship with your
host/server administrator and what they decide to allow.
Finally, if the .htaccess file is writable by the user your Apache
server is running as, a determined hacker can modified that file.
Ex. if you're using Wordpress, many popular themes will demand write
access to the .htaccess file so that they can control URL rewriting.
I'd imagine some other Content Management Systems do the same.
With all that said, using an .htaccess file (or directly altering your Apache configuration files) may still be a perfectly valid security measure for you. It depends on what your environment as a whole looks like -- how your server is configured, what you're trying to protect, etc. Hopefully I at least gave you some things to think about.

What is .htaccess file. Why we use this file. what are the advantages of using this file? [duplicate]

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
what is .htaccess file in php?
As per my research this file is used for Url rewrites.
It allows you to set or modify per-directory configuration settings without having to change configuration files or restart the server.
.htaccess allows you to micromanage permissions. Apache generally discourages its use unless it's overriding a general behavior since it can be slower (if parent folder does not contain .htaccess, it must then check the parent of parent folder for .htaccess on up to the root folder).
However that doesn't mean it can't be useful, simply that you must be tactful in its usage. Where general apache configuration is to a bulldoser, .htaccess would be to a shovel. Just know when to pick a bulldoser over a shovel and you'll be fine.
A decent article can be found here regarding .htaccess.

Any way to know if .htaccess is enable?

any way to know if .htaccess is enable? I cannot read the httpd.conf file in my shared server.
I have access through ssh. My hosting provider uses cPanel Accelerated.
Regards
Javi
What about just putting a .htaccess somewhere which alters some readily-observable settings and look whether they have been changed or not?
Try uploading a sample .htaccess file (e.g. with a single simple redirect rule) and check if it works.

Resources