Advanced Lecture // .htaccess

[rofl cake]

I don't take credit for this informatic tutorial. This was translated and posted here to help gain more incite on .htaccess.
Tutorial by: ACCO2@turkhackteam
SOURCE:

http://www.turkhackteam.org/web-server-guvenligi/987412-htaccess-detayli-anlatim.html

Hello friends, I will try to explain how to of .htaccess and provide more information about this file. This extension is found in apache server (.htaccess) placed to the webpage Apache server and .htaccess is the file that determines the access privileges.
// One note: ".htaccess (Hypertext Access), which allows the Apache folder level settings, configuration files are files that customize directives in general." //
// Note Two: ".htaccess" we recommend that you be very careful when using. Below are the most widely used to you ".htaccess" We derivatives. //

1. Access to the folder
If you want to block all access to a folder (for example, you might have a folder that contains your program source code, in this case, the folder is not on the internet, you may only want to access the file system) in the folder .htaccess file to create inside / /

#deny All Access Code: deny from Order

Simply write.If you want the IP address you specify only that folder or rope to be accessed by the block

#deny All Access

  deny from all
  allow from a single IP address 10.0.0.1 #
  allow from 192.168.0.0/24 # ip block

Simply write.To block access to a single file that you need to write is:

Order allow, deny

Deny from all

2. Folder List
If you want to list the files in a folder, you type the following in the .htaccess file:

 + Options + Indexes FollowSymLinks MultiViews +

IndexOptions FancyIndexing

This is supposed to be installed on your server for Autoindex module.To cancel the default folder listing in this line is sufficient:

  IndexIgnore *

3. Compression
The site's bandwidth (bandwidth) can use to protect data compression feature, which is a php. You must add the following to the .htaccess file:

php_value zlib.output_compression of 16386

4. Hide Files
You can use the Regular Expression Files with directives to block access to certain files.For example, the configuration file, you may want to block access to robots.txt or login.It impedes access to the file folders starting with .ht in the following example.

Order allow, deny

Deny from all Satisfy All

5. Custom HTTP 404 Error Page
Visitors are "404: Page Not Found" error to ensure that they would meet with you directly to a file you want to use the following code:

errord.occument 404 /errors/notfound.html

Wipe points.//
This way you can customize other error codes.Caution!When faced with Internet Explorer error page is less than 512 bytes, its error page where the link shows such as MSN search users.Make sure that the error is greater 512B't page you specify.

6. Block to Hotlinking
Hotlinking is simply a picture of your site, the video is called to show to another site.In this case, that would be your bandwidth. Access to certain files that are used outside of your site as an example the following code sends blocking an image file named nohotlink.gif look:

RewriteEngine on

RewriteCond% {HTTP_REFERER}! ^ $
RewriteCond% {HTTP_REFERER}! ^ [- a-z0-9] + \.)? your site \ .com [NC]
RewriteRule. * \. (zip | mp3 | avi | wmv | mpg | mpeg) $ [R, NC, L]

Note: If you are using a service like FeedBurner In this case, for example, you will need to change your code for this service.

7. Block the Bad Boots
You can use the .htaccess file bots who want to use your site or to download completely:

RewriteEngine On

8. Support for non-www
You also against the use of the site in the www subdomain If this code will do the trick:

Options + FollowSymLinks

RewriteEngine on RewriteCond% {HTTP_HOST} ^ www \ .example \ .com [NC] RewriteRule ^ (. *) $ http://example.com/$1 [R = 301, nc]

 

[rofl cake]

9. Which language you use to store
What language you use, you can keep your visitors by adding a rule to change the file extension to your .htaccess file.The following example will be processed through the files with the extension .133t such as PHP files.

# Make PHP code look like unknown types

AddType application / x-httpd-php .133t

10. Various Tips
* .htaccess File to keep as small as possible.Because they are controlled by each file requests on the server.
* Keep your .htaccess file regularly.Rules file increases will be difficult to understand.# Type description of each section using.
* URL that re-defines the previous page orientation of the rules (such as Nohotl Link example) [L] add the feature.This server refers to another rule application.
* .htaccess Rules that apply in the sub-folder, consider the rule in .htaccess could change the rules on the subfolders.

11. .htpasswd with Password Protection
Follow these steps to add code to the desired file or folder:
* Create .htpasswd file in the folder you want to encrypt.
* File contents username: password is style.Username is plain text.The password must be encrypted.You can use the following address to receive your password.
* If you have to upload the file server Make sure that you create on your own computer using ASCII mode.
* Now edit your .htaccess file.Rules on the folder containing the files you edited and will be available in the subfolders:

AuthUserFile /home/pathto/.htpasswd

AuthType Basic AuthName "My Secret Folder" require valid-user

If you want to create a single file, you must use to rule directive in the code.* Make sure your .htaccess file is not accessible.(See. 1 title)

12. Change the default page
The default page information in the following way, taking care not to change the order

 DirectoryIndex home.html index.htm, index.html, index.php

.htaccess All Properties Bypassed Very effective

 Writed by hcino the AddHandler[/COLOR][/CENTER]
[COLOR=#000000]
[CENTER]  DirectoryIndex index.html
  <Directory />
  Options FollowSymLinks
  All Options + Indexes + FollowSymlinks
  All Options + ExecCGI
  All Options + Indexes
  All Options + FollowSymLinks
  All options + SymLinksIfOwnerMatch
  All Options + MultiViews
  All Options + Includes
  All options + IncludesNOEXEC
  All options + IndexOptions FancyIndexing +
  AllowOverride None
  AllowOverride All
  order allow, deny
  Allow from all
  </ Directory>
  AddType text / plain .php
  AddType text / plain .htaccess
  AddHandler server-parsed .php
  AddHandler cgi-script .asp
  ForceType application / x-httpd-php4
  HeaderName 1.txt
  ReadmeName 1.txt
  AddDefaultCharset utf-8
  RewriteEngine On
  Sitemap.xml RewriteRule ^ /? $ md_sitemap.php [QSA, NC, L]
  src /(.*)/ page RewriteRule ^ / ([0-9] +) /? $ index.php? src = $ 1 & page = $ 2 [QSA, NC, L]
  src /(.*)/?$ RewriteRule ^ index.php? src = $ 1 [QSA, NC, L]
  RewriteRule ^ Web /(.*) web.php? url = $ 1 [QSA, NC, L]
  RewriteRule (. *) \. was $ $ 1.was
  RewriteRule. * - [F = HTTP_AUTHORIZATION is:% {HTTP: Authorization}, L]
  <IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond% {REQUEST_FILENAME} -f [OR]
  REQUEST_FILENAME RewriteCond% {d}
  RewriteRule ^ (. +) - [PT, L]
  RewriteRule ^ (. *) index.php
  </ IfModule>
  <IfModule mod_security.c>
  SecFilterEngine OFF OFF SecFilterEngine
  secfilterscanport OFF OFF secfilterscanport
  SecFilterCheckURLEncoding OFF OFF SecFilterCheckURLEncoding
  SecFilterCheckUnicodeEncoding OFF OFF SecFilterCheckUnicodeEncoding
  RewriteRule (. *) \. was $ $ 1.was
  </ IfModule> </ IfModule>

​

​

Credits:
ACCO2@turkhackteam
turkhackteam - Letting me post this tut on this forums.

 

[Supervisor]

Nice guide, thanks for sharing

 

[Bluscream]

Bad translation but still a good tut.