Division of Information Technology

Web Publishing @ SFSU

Customizing your web account using .htaccess


Customizing Options

The Web servers at SFSU allow users to:

  • Add MIME type definitions to describe how linked files should be processed.
  • Restrict access to their Web documents based on Internet address of the client.
  • Redirect visitors if errors such as "Not Found" occur.

Overview

MIME types, access restrictions, and error redirects are all controlled by a file called ".htaccess" located in the user's Web directory.

The ".htaccess" file consists of sets of directives that control the server, surrounded by a <Files> tag. The syntax is as follows:

<Files *>
... directives ...
</Files>

This .htaccess file applies the directives to the directory and subdirectories it is placed in. If you need different directives in specific directories, you will need to create a separate .htaccess file and place it in that directory.

The "*" (asterisk) in the <Files> tag indicates that these directives apply to all subdirectories in the directory. For example, if you want certain directives to apply to one directory but more specific or additional directives in another directory, you will need to create another .htaccess file with these directives. If you do not want the directives to apply to all subdirectories, remove the "*" in the <Files> tag.

 

Adding MIME Types

.htaccess files can also specify how a document should be opened by defining its MIME type.

The directive to use for this purpose is AddType. Like other .htaccess directives, this directive should appear inside the <Files> tag and be stored in the directory where it will be used. The syntax is as follows, where "SHEXP" is a wildcard pattern that tells the server which files to associate the "mime-type" with:

AddType mime-type SHEXP

Examples:

Although this MIME type is preinstalled, here's an example of how to add support for MIDI files by adding the following code to the .htaccess file:

<Files *>
AddType audio/midi *.mid
</Files>

Internet Address Authorization

This method allows you to restrict connections to certain Internet hosts. Be aware that hostnames are not that hard to spoof, so you should not consider this method to be very secure. The appropriate directive to be surrounded by the <Files> tag is "RestrictAccess", and it can be used as follows:

<Files *>
Order allow,deny
Action ip_pattern or host_pattern
</Files>
  • "action" should be either "allow" or "deny", and specifies whether you want to allow or deny access to the pages.
  • "ip_pattern" is the wildcard pattern specifying IP addresses that should be allowed or denied access (for example, "130.212.*"). This switch can be used together with the dns switch, or by itself.
  • "host_pattern" is the wildcard pattern specifying hostnames that should be allowed or denied access (for example, "*.somehost.com" ). This switch can be used together with the ip switch, or by itself.

  • Note: Multiple actions within these directives can be added using multiple lines. The server reads these lines from the top down. If part of a host_pattern is denied in the first line, but allowed in the second, this second host_pattern is denied as well.
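The evaluation order behind the note above, as an added example (not code from this page or from Apache): a small Python model of Apache's documented "Order allow,deny" rule, under which a client must match at least one allow line and no deny line, using the page's wildcard patterns. The function names, rule tuples and sample clients are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed rule set in the page's notation: (action, kind, wildcard pattern).
RULES = [
    ("deny",  "host", "*.lab.somehost.com"),
    ("allow", "host", "*.somehost.com"),
    ("allow", "ip",   "130.212.*"),
]

def rule_matches(kind, pattern, client_ip, client_host):
    """Compare an ip_pattern with the address or a host_pattern with the name."""
    if kind == "ip":
        return fnmatchcase(client_ip, pattern)
    # Hostnames are case-insensitive; an unresolved client has no name to match.
    return bool(client_host) and fnmatchcase(client_host.lower(), pattern.lower())

def is_allowed(rules, client_ip, client_host=""):
    """Order allow,deny: need at least one allow match and no deny match."""
    hits = {"allow": False, "deny": False}
    for action, kind, pattern in rules:
        if rule_matches(kind, pattern, client_ip, client_host):
            hits[action.lower()] = True
    # Default is deny; a matching deny line always overrides an allow line.
    return hits["allow"] and not hits["deny"]

def decisions():
    """Run the constructed clients below through RULES."""
    clients = [
        ("130.212.10.5", ""),                      # campus address, no reverse DNS
        ("203.0.113.9",  "www.somehost.com"),      # allowed by host_pattern
        ("203.0.113.9",  "pc1.lab.somehost.com"),  # matches allow AND deny
        ("198.51.100.7", "example.net"),           # matches nothing
    ]
    return [is_allowed(RULES, ip, host) for ip, host in clients]

if __name__ == "__main__":
    print(decisions())
```

The second and third clients share one IP address and differ only in the hostname the server resolved for them, so a host_pattern rule is only as trustworthy as that lookup.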

Changing a Delivered Error Message

The Apache servers we are using at SFSU allow users to specify URLs to be displayed in place of default messages when errors such as "Not Found" occur. This is achieved by placing an ErrorDocument directive in the user's ".htaccess" file.

Like all other directives in the ".htaccess" file, ErrorDocument needs to be surrounded by "Files" tags in the following manner:

<Files *>
ErrorDocument error_code html_file path
</Files>

"error_code" is the standard HTTP code that specifies the error we want to catch. The following are acceptable error codes and their reasons:

  • 401 Unauthorized
  • 403 Forbidden
  • 404 Not Found
  • 500 Server Error

"html_file path" should be a valid URL on the local server for the file you would like to redirect people to, but without the "http://servername.sfsu.edu" prefix (such as "/~username/myfile.html"). This URL will be displayed if the error occurs.

Example

If you wanted to display the following page when a customer tried to access a page that is "Not Found":

http://servername.sfsu.edu/~username/lost.htm

...you would add the following lines into the .htaccess file:

<Files *>
ErrorDocument 404 /~username/lost.htm
</Files>

Web Access Control

Restricted Directories

Setting up directories with restricted access can be done through ".htaccess". The file allows you to set the location of the username/password file, customize the title of the pop-up window visible to the user on login, and specify the users or groups who have access to the directory.

The first step is to set up a username/password file outside of your public_html directory in a directory called "webguest" with a file called ".htpasswd".

Set up the webguest directory

Log into your account using Telnet and follow these steps.
Note: the "deptname" below should be replaced with your account name and "www1" indicates the server name. In this case, we're logged into www.sfsu.edu:

[deptname@www1 ~]$ cd
[deptname@www1 ~]$ mkdir webguest
[deptname@www1 ~]$ cd webguest

Set up the username/password file

After setting up the "webguest" directory, follow these steps to create the username/password file. In this example, the username is called "student":

[deptname@www1 ~]$ htpasswd -c .htpasswd student
New password:
Re-type new password:
Adding password for user student

The '-c' option stands for 'create' and will create the username/password file. If you have more users and would like to add them to the username/password file, leave the '-c' option out, because '-c' overwrites an existing file.

[deptname@www1 ~]$ htpasswd .htpasswd student2

Adding users

Now that the passwords have been set up, there are two things yet to be done. First we need to make the restricted directory and second we need to create the .htaccess file in that directory so that the server will recognize the restricted directory.

Now put the following directives into the file, but keep in mind the bold entries are custom settings.

Adjust "deptname" and any other filenames to your own preference, as long as the path to your .htpasswd file is correct. (To find out what the exact path is, cd to the directory where the file is located and type the command 'pwd'.)

Create the restricted directory and .htaccess file

[deptname@www1 ~]$ cd
[deptname@www1 ~]$ cd public_html
[deptname@www1 ~]$ mkdir restrict
[deptname@www1 ~]$ cd restrict
[deptname@www1 ~]$ pico .htaccess
<Files *>
AuthUserFile /data/users/deptname/webguest/.htpasswd
AuthName "Restricted Area"
AuthType Basic
require valid-user
</Files>

AuthName is a directive to customize the name that is shown in the pop-up window which asks for the password when someone accesses the directory.

When you're done, press CTRL-X to save your changes and exit pico.

Test the password protected directory

To test if the directory is correctly password protected, open a browser and visit the URL of the restricted directory, for example: http://www.sfsu.edu/~deptname/restrict/ where "deptname" is the name of your account on www.sfsu.edu. It should prompt you for a username and password before you can enter the directory.
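A check for the finished setup, as an added example (not part of the original page or of SFSU's tooling): it reads the restricted directory's .htaccess, confirms the four directives shown above are present, and verifies that AuthUserFile is an absolute path to an existing file outside the web root. The function names are hypothetical, and demo() builds a constructed copy of the page's layout in a temporary directory.

```python
import os
import tempfile

def parse_htaccess(text):
    """Return {directive name in lowercase: argument} for one-line directives."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):   # skip comments and <Files>
            name, _, arg = line.partition(" ")
            found[name.lower()] = arg.strip().strip('"')
    return found

def audit_restricted_dir(restricted_dir, web_root):
    """List problems with the password protection of restricted_dir."""
    htaccess = os.path.join(restricted_dir, ".htaccess")
    if not os.path.isfile(htaccess):
        return ["no .htaccess file"]
    with open(htaccess) as fh:
        found = parse_htaccess(fh.read())
    problems = ["missing directive: " + name
                for name in ("authuserfile", "authname", "authtype", "require")
                if name not in found]
    pw = found.get("authuserfile", "")
    root = os.path.realpath(web_root)
    if pw and not os.path.isabs(pw):       # relative paths do not resolve from here
        problems.append("AuthUserFile is not an absolute path")
    elif pw and not os.path.isfile(pw):
        problems.append("AuthUserFile does not exist")
    elif pw and os.path.commonpath([os.path.realpath(pw), root]) == root:
        problems.append("password file is inside the web root")
    return problems

def demo(password_dir="webguest"):
    """Build a constructed copy of the page's layout in a temp dir and audit it."""
    home = tempfile.mkdtemp()
    web_root = os.path.join(home, "public_html")
    restrict = os.path.join(web_root, "restrict")
    pw_file = os.path.join(home, password_dir, ".htpasswd")
    for d in (restrict, os.path.dirname(pw_file)):
        os.makedirs(d, exist_ok=True)
    with open(pw_file, "w") as fh:
        fh.write("student:PLACEHOLDER_HASH\n")         # constructed entry
    with open(os.path.join(restrict, ".htaccess"), "w") as fh:
        fh.write('<Files *>\nAuthUserFile %s\nAuthName "Restricted Area"\n'
                 'AuthType Basic\nrequire valid-user\n</Files>\n' % pw_file)
    return audit_restricted_dir(restrict, web_root)

if __name__ == "__main__":
    print(demo(), demo("public_html"))
```

An empty list means the layout matches the steps above; demo("public_html") shows the finding raised when the password file is placed inside the web directory instead of "webguest".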

 

For More Information

Apache Documentation on .htaccess files
HTAccess Editor



1600 Holloway Avenue, San Francisco, CA 94132 (415) 338-1111
Last modified May 14, 2002 by the Web Team