.htaccess

From ICT science
Jump to navigation Jump to search

Staff and students can request personal storage and use of part of that to build and present a web site. Also, part of a Project Storage can be used as a web site. To restrict access to such a site, .htaccess files can be used.

.htaccess is part of the Apace web server facility. This page only describes some basic .htaccess functions. A full description can be found at the Apache website.

.htaccess in general

With a .htaccess file you can change the default behavior of the web server. This is done by placing a text file named .htaccess in the directory for which you want to change the default behavior.

Settings defined in .htaccess will influence both the directory in which .htaccess is placed and its descendants, and will overrule .htaccess settings made in a parent directory.

The .htaccess file is a simple text file, that can be written using text editors such a notepad (Windows), gedit, emacs, vi/vim (Linux/Unix) or textedit (Mac OS X).

Apache options that can be modified through a .htaccess are:

  • FileInfo
  • AuthConfig
  • Limit
  • Indexes
  • Options=Indexes

For a detailed description of these directives, see the Apache documentation web site.

Setting default page or directory listing

Default pages
in order of preference:
Index.html
index.html
Index.htm
index.htm
home.html
home.htm
Default.htm
default.htm
index.shtml
index.php

When in a URL only a folder is given, and no page, e.g.: www.students.science.uu.nl/~f051317/, then the web server will search that folder for a default page. See the box on the right for a full list.

The first page that is identified as a default page will be shown by the web server. Note that file names are case sensitive, so Index.html and index.html are different files. If both are present in your folder, the web server will show Index.html as the default page, since is comes before index.html in the preferred order.

If no default page is found, the web server will show a list of the directory contents, e.g. www.students.science.uu.nl/~f051317/opendir/.

However, there may be reasons why directory contents should not be generally visible. With .htaccess, public content views can be disabled. For this, enter the next line into the .htaccess file:

Options -Indexes

An example of such a closed directory is www.students.science.uu.nl/~f051317/closeddir/; this is an exact copy of the open directory shown before, with the .htaccess option.

To explicitly open public content views, enter

Options +Indexes

If, for any reason, you would like to have a different file (or set of files) acting as the default page, you can use a .htaccess directive:

DirectoryIndex myownpage.htm anotherpage.html

Please note that this directive will replace the defaults as defined by the web server, so e.g. index.html will no longer be recognized as a default file. Also, these defaults will act not only on the directory the .htaccess file is in, but also on its descendants (unless another .htaccess file overrules it).

Web access based on internet address

It is possible to manage access to your web pages using .htaccess based on your vistor's IP address. Only visitors whose computers have a specific address (or belong to a specific range of addresses) are allowed to view your web pages.

The basic .htaccess lines for this are:

Order deny,allow
Deny from all
Allow from <address>

Note that there is no space between deny,allow in in the first line!

For <address> you can substitute (part of) an internet address, e.g.:

131.211.32.30 A visitor with the IP address 131.211.32.30
131.211 All visitors having an IP address containing the combination '131.211'
science.uu.nl All visitors from the domain 'science.uu.nl'
uu.nl All visitors from the domain 'uu.nl'

You can combine rules to further restrict or widen access.

As an example, the page on www.students.science.uu.nl/~f051317/alleenUU/ can be viewed only by visitors from within the UU domain. To this end, .htaccess contains the rule

Allow from uu.nl

See also