Mit Hilfe einer .htaccess Datei lässt sich nicht nur ein Passwortschutz realisieren, viele Apache Direktiven lassen sich zur Laufzeit beeinflussen. Der htaccesser bietet dafür eine Hilfestellung.

Hinweis!
Nicht alle Einstellungen zeigen auf allen Apache Servern eine Wirkung. Die Konfiguration von ModRewrite z.B. muss vom Provider in der Apache-Config explizit erlaubt werden. Erlaubt der Provider einige der Einstellungen via .htaccess nicht, passiert im besten Fall gar nichts, im schlimmsten Fall gibt der Webserver einen Error 500 aus. In solch einem Fall löscht man ganz einfach die .htaccess Datei wieder und alles sollte wieder beim alten sein.

"; $output.="\norder allow,deny\ndeny from all\n"; } if (isset($redirect)) { $output.="\nRedirect permanent /$redirect_file $redirect_url"; } if (isset($force_ssl)) { $output.="\n"; $output.="\nRedirect permanent / https://$force_ssl_domain/"; $output.="\n"; } if (isset($no_index)) { $output.="\nIndexIgnore */*"; } if (isset($cache)) { $output.="\nExpiresActive on\nExpiresDefault "; if (isset($cache_server)) { $output.="M"; } else { $output.="A"; } $output.=$cachelength; } if (isset($check_media_referrer)) { $modrewrite="true"; } if (isset($failed_redirect)) { $modrewrite="true"; } if (isset($user_dir)) { $modrewrite="true"; } if (isset($timed_pages)) { $modrewrite="true"; } if (isset($block_harvesters)) { $modrewrite="true"; } if (isset($rewrite_browser_page)) { $modrewrite="true"; } if (isset($remap_script)&&isset($remap_folder)) { $modrewrite="true"; } if (isset($modrewrite)&&($modrewrite!="false")) { $output.="\nRewriteEngine on"; if (isset($check_media_referrer)) { $output.="\n".'RewriteCond %{HTTP_REFERER} !^$'; $output.="\n".'RewriteCond %{HTTP_REFERER} !^http://(www\.)?'.$referrer_domain.'/.*$ [NC]'; $output.="\n".'RewriteRule \.(gif|jpg|png|mp3|mpg|avi|mov)$ - [F] '; } if (isset($failed_redirect)) { $output.="\n".'RewriteCond %{REQUEST_URI} !-U'; $output.="\n".'RewriteRule ^(.+) http://'.$failed_redirect_server.'/$1'; } if (isset($user_dir)) { $user_domain=str_replace('.','\.',$user_domain); $output.="\n".'RewriteCond %{HTTP_HOST} ^www\.[^.]+\.'.$user_domain.'$'; $output.="\n".'RewriteRule ^(.+) %{HTTP_HOST}$1 [C]'; $output.="\n".'RewriteRule ^www\.([^.]+)\.'.$user_domain.'(.*) /'.$user_dir_path.'$1$2'; } if (isset($timed_pages)) { $timed_page=str_replace('.','\.',$timed_page); $output.="\n".'RewriteCond %{TIME_HOUR}%{TIME_MIN} >'.$timed_page_start; $output.="\n".'RewriteCond %{TIME_HOUR}%{TIME_MIN} <'.$timed_page_end; $output.="\n".'RewriteRule ^'.$timed_page.'$ '.$timed_page_day; $output.="\n".'RewriteRule ^'.$timed_page.'$ '.$timed_page_night; } if (isset($block_harvesters)) { $output.="\nRewriteCond %{HTTP_USER_AGENT} Wget [OR] "; $output.="\nRewriteCond %{HTTP_USER_AGENT} CherryPickerSE [OR] "; $output.="\nRewriteCond %{HTTP_USER_AGENT} CherryPickerElite [OR] "; $output.="\nRewriteCond %{HTTP_USER_AGENT} EmailCollector [OR] "; $output.="\nRewriteCond %{HTTP_USER_AGENT} EmailSiphon [OR] "; $output.="\nRewriteCond %{HTTP_USER_AGENT} EmailWolf [OR] "; $output.="\nRewriteCond %{HTTP_USER_AGENT} ExtractorPro "; $output.="\nRewriteRule ^.*$ $block_doc [L]"; } if (isset($rewrite_browser_page)) { //rewrite browser pages $rw_page='^'.str_replace('.','\.',$rewrite_browser_page).'$'; if (isset($geoip_country)) { $output.="\nRewriteCond %{ENV:GEOIP_COUNTRY_CODE} $geoip_country [NC]"; $output.="\nRewriteRule $rw_page $geoip_page [L]\n"; } if (isset($rewrite_browser_page_ns)) { $output.="\n".'RewriteCond %{HTTP_USER_AGENT} ^Mozilla/[345].*Gecko*'; $output.="\nRewriteRule $rw_page $rewrite_browser_page_ns [L]\n"; } if (isset($rewrite_browser_page_ie)) { $output.="\n".'RewriteCond %{HTTP_USER_AGENT} ^Mozilla/[345].*MSIE*'; $output.="\nRewriteRule $rw_page $rewrite_browser_page_ie [L]\n"; } if (isset($rewrite_browser_page_lynx)) { $output.="\n".'RewriteCond %{HTTP_USER_AGENT} ^Mozilla/[12].* [OR]'; $output.="\n".'RewriteCond %{HTTP_USER_AGENT} ^Lynx/*'; $output.="\nRewriteRule $rw_page $rewrite_browser_page_lynx [L]\n"; } if (isset($rewrite_browser_page_default)) { $output.="\nRewriteRule $rw_page $rewrite_browser_page_default [L]\n"; } } if (isset($remap_script)&&isset($remap_folder)) { $output.="\nRewriteRule $remap_folder(.*) /$remap_script$1 [PT]"; } } if (isset($error_400)) { $output.="\nErrorDocument 400 $error_400"; } if (isset($error_401)) { $output.="\nErrorDocument 401 $error_401"; } if (isset($error_403)) { $output.="\nErrorDocument 403 $error_403"; } if (isset($error_404)) { $output.="\nErrorDocument 404 $error_404"; } if (isset($error_500)) { $output.="\nErrorDocument 500 $error_500"; } if (isset($default_page)) { $output.="\nDirectoryIndex $default_page"; } if ($options) { $output="Options $options\n".$output; } ?>

Your .htaccess file contents

Copy the lines below and paste them into your .htaccess file

Default Page

What page to load if the user doesn't specify any (usually index.html or index.php)
Can specify multiple in a list (ie index.php index.html index.htm default.htm)

Directory Index

Options

CGI

execute CGI programs

Execution of CGI scripts using mod_cgi is permitted.

File Extensions

.cgi .pl .exe .sh

SSI

include files (SSI) or without #exec
file extension

Server-side includes provided by mod_include are permitted.

Symbolic Links

Follow Symbolic Links

The server will follow symbolic links in this directory.

Follow Symbolic Links if owner matches

The server will only follow symbolic links for which the target file or directory is owned by the same user id as the link.

Index

Indexes

If a URL which maps to a directory is requested, and there is no DirectoryIndex (e.g., index.html) in that directory, then mod_autoindex will return a formatted listing of the directory.

MultiViews

Content Negotiation (MultiViews)

Content negotiated "MultiViews" are allowed using mod_negotiation.

SSL

Force SSL SSL Domain

Force HTTP requests to redirect HTTPS

Authentication

Deny by default
Require valid username
All if user OR ip matches
Area Name
User Authentication path to users file
Group Authentication path to groups file
Allowed Users
Allowed Groups
Allowed IP addresses (wildcards and names allowed)
Blocked IP addresses (wildcards and names allowed)

Additional Mime Types

$ext"; } fclose($fp); } ?>

File extension to mime type mappings are in this format
mime/type ext
for example
text/html html
application/x-gzip gz

Protect System Files

Protect .htaccess and user and group files
Additional files to protect

File Cache Control

Specify File Cache Time

How often will the client/proxy refresh the file

Modification Based

Expire all clients/proxies at the same time

Cache Time 1 Year 6 Months 3 Months 1 Month 1 Week 1 Day 1 Hour 1 Minutes

ModRewrite

Protect Media Files

On:
Allowed Domain:

Check the referrer domain for images, music, and sound files

Block E-mail Harvesters

On:
Page to server:

Deny access to e-mail harvesting programs.

Time-Dependant Page

On:
Page Name:
Daytime Starts:
Daytime Ends:
Daytime Page:
Nighttime Page:

Serve pages depending on time of day

Virtual DNS to Folder

On:
Base Domain: Path to Folders:

Rewrite Virtual Subdomains to subfolders. Ie: rewrite www.foo.domain.com to www.domain.com/subdomains/foo. Useful for virtual user domains.

Redirect Failing URLs To Other Webserver

On:
Secondary Server:

When a URL is invalid, or would produce an error, redirect to a secondary server.

Rewrite Condition

Rewrite Page

Page Name: Page requested in the URL

Browser Dependant Page

Netscape Page Page to use for Netscape
IE Page Page to use for IE
Page for Lynx Page to use for text mode
Default Page Page to use for other browsers

Country Specific Page

Requires the mod_geoip is setup and configured on your server. Thought the software is free, the datafiles are a commercial product. Allows you to redirect users to specific pages depending on their country of origin.

Country Code

US = United States GB = United Kingdom CA = Canada MX = Mexico FR = France NL = Netherlands A1 = Anonymous

Country Specific URL

page to redirect visitors from the country (index.us.html or index.fr.html)

Map Folder To Script

This trick will make it possible to run a script that has parameters in the URL. You can make a custom home page script for your users that they can access like /login/home.html or /login/preferences.html and have them both go to login.php.

Folder Name

Folder you will reference in your href and urls (ie login)

Script Name

Script that will be ran (ie login.php, login.cgi, or login.pl) If you would like the rest of the path as a POST variable, do something like "login.php?page="

Custom Error Documents

Allows you to specify custom documents to serve on error conditions

Error 400 Bad Request
Error 401 Authentication Required
Error 403 Forbidden
Error 404 Not Found
Error 500 Server Error

Redirection

Use this option if a document has been moved to a new url. It will take care of automatic redirection for the user.

Redirect Moved Document
Moved Document
New URL