Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by pctony: http://wiki.apache.org/httpd/ScratchPad/htaccess The comment on the change is: deleted non htaccess specific content. i.e, tips for blocking domains ------------------------------------------------------------------------------ == When should I use .htaccess files? == - Only when you cannot edit directly the main configuration files! + Only when you cannot directly edit the main configuration files! === But it's ugly having all that stuff in the main config file! === @@ -66, +66 @@ As you can see, .htaccess files are restricted to the directory they're placed in, and thus you can think of .htaccess files as dynamically adding the following to the master Apache configuration: {{{ - <Directory /path/to/.htaccess> + <Directory /path/to/folder-with.htaccess> #.htaccess content goes here </Directory> }}} == How do I use .htaccess files? == - .htaccess files are containers for (certain) Apache directives. Note that some directives might be ignored due to Override configuration in the main config files. + .htaccess files are containers for (certain, restricted) Apache directives. Note that some directives might be ignored due to Override configuration in the main config files. == How can I prevent users from using .htaccess, or how define what can they do with them? == @@ -102, +102 @@ You can do it by sshing in to yourdomain.com and using pico, a user-friendly text editor. All the commands for its use appear at the bottom of the page (^ means ''press the Control key.'') Just change to the directory in which you want to use .htaccess, and type "pico .htaccess" to get started with a blank .htaccess file. - == How do I block certain IPs from accessing my site or directory? == - It's pretty easy! All you have to do is file in the directory you'd like to restrict (your main directory to restrict the entire site) and then put the following in it: - - {{{ - <Limit GET> - order allow,deny - allow from all - deny from 123.142.124.152 - deny from 124.24. - </LIMIT> - }}} - - - You can put whole ips or just the beginning part you'd like to match, and you can add more and more ips, each with its own line! When somebody's ip is banned, they will get a 403 error (access forbidden) when trying to visit your site. - - - == How do I block people coming from a certain website or URL from visiting my site or directory? == - - It's actually very similar to [[KB / Unix / .htaccess files| blocking people by IP]]! Again, you need to add some lines to an .htaccess text file that you create in the home directory of your web site. - - Here is some example code for giving everybody who comes to you from www.yahoo.com or www.google.com an (access denied): - - {{{ - SetEnvIfNoCase Referer "^http://www.google.com/"; BadReferrer - SetEnvIfNoCase Referer "^http://www.yahoo.com/"; BadReferrer - order deny,allow - deny from env=BadReferrer - }}} - - Another way to block people where you end up just redirecting them to a different url involves using the "[http://httpd.apache.org/docs/mod/mod_rewrite.html mod_rewrite]" functionality of our web server. Here's how to block everybody from www.yahoo.com and www.google.com again (put this in your .htaccess file): - - {{{ - RewriteEngine On - RewriteCond %{HTTP_REFERER} ^http://www.yahoo.com/ - RewriteRule /* http://www.yoursite.com/restricted_url.html [R,L] - RewriteCond %{HTTP_REFERER} ^http://www.google.com/ - RewriteRule /* http://www.yoursite.com/restricted_url.html [R,L] - }}} - - - == Force a server to only use SSL and fix double logins == - If you really want to be sure that your server is only serving documents over an encrypted SSL channel ''(you wouldn't want visitors to submit a htaccess password prompt on an unencrypted connection)'' then you need to use the '''SSLRequireSSL''' directive with the +StrictRequire Option turned on. - - {{{ - SSLOptions +StrictRequire - SSLRequireSSL - SSLRequire %{HTTP_HOST} eq "site.com" #or www.site.com - ErrorDocument 403 https://site.com - }}} - - The cool thing about using mod_ssl instead of mod_rewrite to force SSL is that apache gives mod_ssl priority ABOVE mod_rewrite so it will always require SSL. ''(may be able to get around first method using http://site.com:443 or https://site.com:80)'' - * An in-depth article about what this is doing can be found in the [http://www.htaccesselite.com/htaccess/redirecting-all-or-part-of-a-server-to-ssl-vt61.html SSL Forum] - - - - == How do I stop others from "hotlinking" my files? == - "Hotlinking" is when somebody displays an image (or any type of file actually) on somebody else's web site directly inline on their site! There's nothing particularly '''wrong''' with that, it's a big part of how the WWW was designed to work. However, it does "steal" the bandwidth of the original site, and could possibly infringe on a copyright. - - ==== Blocking specific domains ==== - The following code will return a '''403 Forbidden''' error instead of the requested image, but only when the image has been requested by ''badsite.net'' or ''badsite.com'': - {{{ - RewriteEngine On - RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.net/ [NC,OR] - RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.com/ [NC] - RewriteRule \.(jpe?g|gif|png)$ - [F] - }}} - Note that in the above example, only images are being protected. To protect other resources, such as video and audio files, add additional extensions to the <code>Rewrite Rule</code> parentheses block. - - ==== Blocking most domains ==== - The following code will return a '''403 Forbidden''' error instead of the requested resource, unless requested from example.com or livejournal.com (note that one of the allowed sites should be the domain where the resource is actually used): - {{{ - RewriteEngine On - RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC] - RewriteCond %{HTTP_REFERER} !^http://(www\.)?livejournal\.com/ [NC] - RewriteCond %{HTTP_REFERER} !^$ - RewriteRule \.(jpe?g|gif|png)$ - [F] - }}} - - ==== Blocking all domains ==== - The following code will return a '''403 Forbidden''' error instead of the requested resource, unless the referrer is example.com, which should be changed to the domain of the site where the image is used: - {{{ - RewriteEngine On - RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC] - RewriteCond %{HTTP_REFERER} !^$ - RewriteRule \.(jpe?g|gif|png)$ - [F] - }}} - - === Replacing images === - This method will '''still''' result in bandwidth theft, but it will protect your images. Bandwidth theft may reduce eventually as people learn linking your images will not work. - - ==== Replacing the image ==== - The following code will cause the remote server to display '''no_hotlink.jpg''' instead of the requested image: - {{{ - RewriteEngine On - RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC] - RewriteCond %{HTTP_REFERER} !^$ - RewriteRule \.(jpe?g|gif|png)$ images/no_hotlink.jpg [L] - }}} - - ==== Allow certain hotlinking ==== - The following code will cause the remote server to display '''no_hotlink.jpg''' instead of the requested image, unless the image has been requested from a specified directory ("'''dir'''"): - {{{ - RewriteEngine On - RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/dir/ [NC] - RewriteCond %{HTTP_REFERER} !^$ - RewriteRule \.(jpe?g|gif|png)$ images/no_hotlink.jpg [L] - }}} - - ==== Block specific domains ==== - The following code will cause the remote server to display '''no_hotlink.jpg''' instead of the requested image, but only when the image has been requested by ''badsite.net'' or ''badsite.com'': - {{{ - RewriteEngine On - RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.net/ [NC,OR] - RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.com/ [NC] - RewriteRule \.(jpe?g|gif|png)$ images/no_hotlink.jpg [L] - }}} -
