Security:htaccess: Difference between revisions

==How to enable mod_rewrite in .htaccess file==
The mod_rewrite option lets you use redirections and hide your true URL by redirecting to some other URL. This can prove very useful, allowing you to replace long URLs with short, easy-to-remember ones.
To allow mod_rewrite, make it a practice to add the following line as the first line of your .htaccess file.
 Options +FollowSymLinks
This option allows the server to follow symbolic links and thus enables the mod_rewrite option on the website. Replacing a URL with a short, crisp one is presented later on.
==How to Allow or Deny Access to Websites==
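An .htaccess file can allow or deny access to a website, or to a folder or files in the directory in which it is placed, by using the Order, Allow and Deny keywords.
Allowing access to only the IP address 192.168.3.1:
 Order Deny,Allow
 Deny from All
 Allow from 192.168.3.1
Or
 Order Allow,Deny
 Allow from 192.168.3.1
The Order keyword specifies the order in which the Allow and Deny statements are processed. With ‘Order Allow,Deny’, the Allow statements are processed first and then the Deny statements; a request that matches a Deny statement, or matches no Allow statement, is rejected. With ‘Order Deny,Allow’, the Deny statements are processed first and a matching Allow statement overrides them. The two keywords are separated by a comma only, with no space.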
===Denying access to only one IP Address===
The lines below allow access to the website for all users except the one with IP address 192.168.3.1.
 Order Allow,Deny
 Deny from 192.168.3.1
 Allow from All
Or
 Order Deny,Allow
 Deny from 192.168.3.1
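The following Python sketch is an added example, not code from this page or from Apache. It models the Order evaluation rules for both the allow-one and deny-one cases above, and shows why combining <code>Order Allow,Deny</code> with <code>Deny from All</code> locks out every client, including the address that is meant to be allowed. It assumes that "from" values are only <code>All</code>, a single IP or a CIDR range; the names <code>parse</code>, <code>is_allowed</code>, <code>BROKEN</code>, <code>FIXED</code> and <code>SHORT</code> are made up for the illustration.

```python
import ipaddress

def _matches(spec, client):
    """True if client IP matches an Allow/Deny 'from' value (All, IP or CIDR)."""
    if spec.lower() == "all":
        return True
    return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)

def parse(htaccess):
    """Extract the Order setting and the Allow/Deny host lists from config text."""
    order, rules = "deny,allow", {"allow": [], "deny": []}  # Apache's default Order
    for line in htaccess.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "order":
            if len(words) != 2:  # "Order Allow, Deny" splits into three words
                raise ValueError("Order takes one argument; no space after the comma")
            order = words[1].lower()
        elif key in rules and len(words) >= 3 and words[1].lower() == "from":
            rules[key].extend(words[2:])
    return order, rules

def is_allowed(htaccess, client):
    """Apply the Order semantics to one client address."""
    order, rules = parse(htaccess)
    allow = any(_matches(s, client) for s in rules["allow"])
    deny = any(_matches(s, client) for s in rules["deny"])
    if order == "allow,deny":   # default deny; a Deny match always wins
        return allow and not deny
    if order == "deny,allow":   # default allow; an Allow match always wins
        return allow or not deny
    raise ValueError("unsupported Order: " + order)

# Constructed sample rule sets for the "only 192.168.3.1" goal.
BROKEN = "Order Allow,Deny\nDeny from All\nAllow from 192.168.3.1"
FIXED = "Order Deny,Allow\nDeny from All\nAllow from 192.168.3.1"
SHORT = "Order Allow,Deny\nAllow from 192.168.3.1"

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED), ("short", SHORT)):
        print(name, is_allowed(cfg, "192.168.3.1"), is_allowed(cfg, "10.0.0.5"))
```

Running a candidate rule set through <code>is_allowed</code> for one address that should pass and one that should not is a quick check before deploying it.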
==Generate Apache Error documents for different error codes==
With a few simple lines, you can set the error document that is served for each error code generated by the server, for example when a client requests a page that is not available on the website; most of us have seen the ‘404 Page not found’ page in a web browser. ‘.htaccess’ files specify what action to take under such error conditions.
To do this, add the following line to the ‘.htaccess’ file:
 ErrorDocument <error-code> <path-of-document/string-representing-html-file-content>
‘ErrorDocument’ is a keyword; error-code can be any of 401, 403, 404, 500 or any other valid error code; and ‘path-of-document’ is the path of the document on the local machine (if you are using your own local server) or on the server (if your website is hosted on someone else's server).
'''Example:'''
 ErrorDocument 404 /error-docs/error-404.html
The above line sets the document ‘error-404.html’, placed in the error-docs folder, to be displayed when the server reports a 404 error for an invalid page request from the client.
 <nowiki>ErrorDocument 404 "<html><head><title>404 Page not found</title></head><body><p>The page you request is not present. Check the URL you have typed</p></body></html>"</nowiki>
The above form is also correct; it supplies a string holding the content of an ordinary HTML file in place of a path.
==Setting/Unsetting Apache server environment variables==
In an .htaccess file you can set or unset the global environment variables that the server allows the hosts of websites to modify. To set or unset environment variables, add the following lines to your .htaccess file.
===Setting the Environment variables===
 SetEnv OWNER "Gunjit Khera"
===Unsetting the Environment variables===
 UnsetEnv OWNER
==Defining different MIME types for files==
MIME (Multipurpose Internet Mail Extensions) types are the types that the browser recognizes by default when running any web page. You can define MIME types for your website in .htaccess files, so that the file types you define are recognized and served by the server.
 <IfModule mod_mime.c>
     AddType application/javascript js
     AddType application/x-font-ttf ttf ttc
 </IfModule>
Here, mod_mime.c is the module that controls the definitions of MIME types. If this module is installed on your system, you can use it to define MIME types for the different extensions used in your website so that the server can understand them.
==How to Limit the size of Uploads and Downloads in Apache==
.htaccess files let you control the amount of data uploaded or downloaded by a particular client from your website. To do this, append the following lines to your .htaccess file:
 php_value upload_max_filesize 20M
 php_value post_max_size 20M
 php_value max_execution_time 200
 php_value max_input_time 200
The above lines set the maximum upload size, the maximum size of posted data, the maximum execution time, i.e. the maximum time in seconds that a script is allowed to run, and the maximum time in seconds allowed for receiving and parsing the input. php_value directives are accepted in .htaccess only when PHP runs as an Apache module.


==Source==
*[https://github.com/noncent/htaccess-best-web-security-practices/blob/master/README-V1.md github.com]
*[https://www.tecmint.com/apache-htaccess-tricks/ tecmint.com]


[[Category:Security]]
[[Category:Website]]