htaccess FAQ

Introduction

This document addresses the .htaccess file and some of the questions that are commonly asked about its use. There are a number of things that can be done within a .htaccess file that are not frequently asked and thus are not covered. You may also want to find additional information on the items that are covered. Comprehensive documentation can be found at http://httpd.apache.org/docs/2.0/howto/htaccess.html

FAQs

What is .htaccess

.htacess files provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories below it.

What are some things that it is good for?

People primarily use .htaccess for page protection and access control. However, it can contain a variety of other directives. Some of the additional and more common ones include URL redirection, custom error pages and indexing options.

Why can’t I see it from my ftp program?

Your program is not showing your .htaccess file because files beginning with a “dot” were “hidden” files under the unix operating system that these first appeared on. Your ftp program likely has a parameter or filter that you can set to display hidden files. You should check the help documentation for your ftp program.

How do I create a .htaccess file?

You may create a .htaccess by first getting into the directory/folder that you want the directives in the file to be applied to. You may then use a simple editor, like nano, to create the file as follows:

nano .htaccess

You may also use the “protect” program which is described under “Is there a simpler way to create a .htaccess?.” The protect program is interactive and is primarily used for access control.

How do I delete or change .htaccess file?

You may delete the file by first getting a unix/linux prompt then going to the directory/folder containing the .htaccess file. From there you may use the rm command to remove it as follows:

rm .htaccess

You may also edit it using a simple system text editor such as nano as follows:

nano .htaccess

Finally, you may make certain page protection and access control changes using the “protect” program which is described under “Is there a simpler way to create a .htaccess?”

Is there a simpler way to create a .htaccess file?

We offer a “protect” program which will assist you in adding, editing and removing access restrictions for viewing your web files and directories on www.unc.edu. It contains the following options:

1. Restrict pages based on users’ Onyen and password

2. Restrict pages using one (non-Onyen) user name and password designated by you

3. Edit restriction you previously created based on users’ Onyen

4. Edit restriction you previously created based on non-Onyen user name and password designated by you

5. Remove restriction to your pages

6. View current restriction status

7. Restrict pages to all users

8. Exit this program

You should run the program by issuing the command “protect” from the desired directory that you want to place access restrict on.

How do I restrict pages using Onyen authentication?

We suggest using the protect program for doing this. It will create a .htaccess file in the directory that you are in when you issue the command (e.g., when you type “protect” from inside of the file you wish to protect).

How do I restrict pages using a non-onyen user name and password?

We strongly suggest using the protect program for doing this. It will create a .htaccess file along with a file containing an encrypted password under the name .htpasswd.

What is page protection and access control?

Page protection allows you to place access restrictions on your web files and directories. Visitors to protected pages will have to authenticate before being allowed to view your pages. This authentication can take place by allowing access via onyen and password or by usernames and passwords that you chose.

Access Control allows you to either allow or deny access from a domain, a subnet, a host or an IP address. You can control access to certain files or full directories. allow or deny directives are processed sequentially as they appear in your .htaccess file. The following examples first allows all access to everyone before removing it for particular people.

The following statement establishes an order then allows access to everyone.

order allow,deny
allow from all

The following statement blocks access from anyone in the somewhere.com domain:

deny from somewhere.com

The following statement blocks the entire 152.5.6 subnet:

deny from 152.5.6.

The following line simply denies access to the host somehost.somewhere.com:

deny from somehost.somewhere.com

Note that the directive “allow from all” gets overridden by each instance of a deny directive.

How do I use it to make my own error pages?

There are several error messages that are generated by www.unc.edu when an error occurs while someone is accessing one of your pages. There is an error number associated with each error. Two of the more common ones are:

404 Not Found – This means the server did not find anything matchine a requested resource.

403 Forbidden – This means that the server understood the request but is refusing to fulfill it. This is often related to a problem with permissions.

The 404 and 403 are the actual error codes. When creating special error pages keep in mind that these pages are no more than simple webpages made using html. You can direct errors to your special pages by inserting the following statement into your .htaccess file:

ErrorDocument errorcode URL

The following example look in a folder/subdirectory named mypages under the public_html directory then displays 404errors.html each time there is 404 error on the page referenced by the onyen:

ErrorDocument 404 /~onyen/mypages/404errors.html

You may find a complete list of standard error codes at http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

How can I use .htaccess to redirect someone to another site?

You may have a URL that you would like redirected to another location when requested by a browser. There are several ways to do this. You may do it using META tags in your html. Unfortunately, a few browsers may not recognize META tags and will not handle the redirection. You may also decide to do it with a CGI program. However, CGI programs take system resources and can be a source of trouble if you are not exactly sure of what you are doing. It is easy to overcome both of these shortcomings by placing a line in your .htaccess that has the following format:

RedirectPermanent oldpagelocation newurl

The following example redirects the page found at mysite.html for a given onyen to the url located at http://my.new.company.com

RedirectPermanent /~onyen/mysite.html http://my.new.company.com

Such “blind redirects” are discouraged, however. A better approach to redirecting your site involves a “landing page” that informs users of the new URL. See “Redirecting UNC web sites”.

Is there any way to set up my public_html space to prevent web users from seeing my directory structure and files on pages without an index page?

On August 24 2012, we changed the default behavior so that when there is no longer a valid index file (ie: index.html, index.php) the directory contents will no longer be listed. To enable this directory listing you need edit the .htaccess file in that directory and add the following line:

Options +Indexes

If you want to ignore the index.html file and list the directory contests you will also need to add the line:

IndexIgnore *