.htaccess help needed


#1

I’ve a couple of queries relating to .htaccess:

  1. How to combine two .htaccess files
    I have one sitting in the root and one in a subdirectory. I would like to combine the two - if that is possible. As I do not want to stuff anything up, I hope someone can guide me through this.

  2. How to force URL redirect
    I would like to redirect any requests for /trap/ to my bad bot trap at /cgi-bin/formmail.pl.

I read somewhere that using the form below does not actually ‘force’ the redirect:

Redirect permanent /trap/ http://example.com/cgi-bin/formmail.pl

Perhaps I should use mod_rewrite to redirect the requests. I am not familiar with mod_rewrite. As you will see below, I have already got existing redirect rules, and I don’t know how to combine the rules without totally stuffing up.

At the moment I redirect the requests by including the script using SSI in /trap/index.html.

Any help would be greatly appreciated!

  • marsbar


My .htaccess files below. The one in the subdirectory reads:

<Files *.txt>
Order allow,deny
Deny From All

<Files ~ “.htaccess$”>
Order allow,deny
Deny From All

And the one in the root reads:

IPs banned by spider trap will appear above

SetEnvIf Request_URI “^(/errors/forbidden.*.html|/robots.txt)$” allowsome

<Files *>
Order deny,allow
Deny from env=ban
Allow from env=allowsome

AddType ‘text/html; charset=utf-8’ html
AddHandler server-parsed .html

Options -indexes

ErrorDocument 401 /errors/failed_authorisation.html
ErrorDocument 403 /errors/forbidden.html
ErrorDocument 404 /errors/missing.html
ErrorDocument 500 /errors/internal_error.html

no hotlinking

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.*png$|.*bmp$|.zip$ [NC]
RewriteCond %{HTTP_REFERER} ^[http|nttp].
$
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !example.com[NC]
RewriteRule .(gif|jpg|png|bmp|zip)$ - [F,NC,L]

<Files ~ “^.ht”>
Order allow,deny
Deny from all
Satisfy all


#2

[quote]1) How to combine two .htaccess files
I have one sitting in the root and one in a subdirectory. I would like to combine the two - if that is possible. As I do not want to stuff anything up, I hope someone can guide me through this.[/quote]
For the most part, you just copy and paste. If you want the behavior seen in the subdirectory to apply to the root directory, then just put everything in an .htaccess file in the root directory. Apache will apply the root .htaccess to the subdirectory.

It is possible to put comments in .htaccess files, and it would help so you know what does what so you don’t have to figure out what the expressions mean each time.

[code]# 1

deny access to files with names ending in ‘.txt’

access denied by default

<Files *.txt>
Order allow,deny
Deny From All

2

deny access to files with names ending in ‘.htaccess’

access denied by default

<Files ~ “.htaccess$”>
Order allow,deny
Deny From All

3

deny access to files if visitor is banned

allow access to files for some visitors

access allowed by default

<Files *>
Order deny,allow
Deny from env=ban
Allow from env=allowsome

4

deny access to files whose name starts with ‘.ht’

access denied by default

<Files ~ “^.ht”>
Order allow,deny
Deny from all
Satisfy all
[/code]The only thing I see here that could be changed is for consistency: you use * and ? wildcard characters for for #1 and #3 but regular expressions for #2 and #4 when you could make all four use one method instead of the other. But thats just a nitpick.

:cool: Perl / MySQL / HTML+CSS


#3

I am a beginner when it comes to regular expressions and .htaccess directives, so thank you for your help, Atropos.

Say if I need to prevent access to files with .txt extension located in a subdirectory, /foo/? Do I just add this in my global .htaccess in the root directory:

<Files /foo/*.txt>
Order allow,deny
Deny From All

[quote]# 2

deny access to files with names ending in ‘.htaccess’

access denied by default

<Files ~ “.htaccess$”>
Order allow,deny
Deny From All

4

deny access to files whose name starts with ‘.ht’

access denied by default

<Files ~ “^.ht”>
Order allow,deny
Deny from all
Satisfy all

[/quote]
Does #4 make #2 redundant? And can #4 be written like this, using a wildcard character:

<Files .ht*>
Order allow, deny
Satisfy all

I see. So, for consistency’s sake, let’s use regular expressions. Then should the first lines of #1 and #3 be written like this:

1 deny access to files with names ending in ‘.txt’

<Files ~".txt$">

and…

3 deny access to files if visitor is banned

<Files ~".$">

Thanks in anticipation,
marsbar


Edit: is anyone able to help me with my URL redirection query (Question 2 in my original post/first post in this thread)?


#4

[quote]I read somewhere that using the form below does not actually ‘force’ the redirect:

Redirect permanent /trap/ http://example.com/cgi-bin/formmail.pl

Perhaps I should use mod_rewrite to redirect the requests. I am not familiar with mod_rewrite. As you will see below, I have already got existing redirect rules, and I don’t know how to combine the rules without totally stuffing up.[/quote]
What happens is the browser recieves a response that tells it to retrieve a different URL.

With mod_rewrite, you can basically convert the first URL the browser asks for into a different URL for the same web site.

Redirect:

  1. browser asks for /foo on example.com
  2. server tells browser to ask for /bar on example.com
  3. browser akss for /bar on example.com

Rewrite:

  1. browser asks for /foo on example.com
  2. server changes path to /bar
  3. server sends browser content of /bar on example.com

[quote]Say if I need to prevent access to files with .txt extension located in a subdirectory, /foo/? Do I just add this in my global .htaccess in the root directory:

<Files /foo/*.txt>
Order allow,deny
Deny From All
[/quote]
AFAIK the group is only for filenames, not paths. You would need to put an .htaccess file in /foo for *.txt

[quote]# 2

deny access to files with names ending in ‘.htaccess’

access denied by default

4

deny access to files whose name starts with ‘.ht’

access denied by default[/quote]

These are not redundant because they do different things. A file whose name is “example.htaccess” is denied by #2 but allowed by #4. A file whose name is “.htpasswd” is allowed by #2 but denied by #4. If that behavior is not what you want, you’ll need to modify these.

There shouldn’t be a need for you to add directives to block access to .ht* files though, as surely DH has that in the server configuration file already. In fact, the default configuration on my system included:

[quote]# The following lines prevent .htaccess files from being viewed by

Web clients. Since .htaccess files often contain authorization

information, access is disallowed for security reasons. Comment

these lines out if you want Web visitors to see the contents of

.htaccess files. If you change the AccessFileName directive above,

be sure to make the corresponding changes here.

Also, folks tend to use names such as .htpasswd for password

files, so this will protect those as well.

<Files ~ “^.ht”>
Order allow,deny
Deny from all
Satisfy All
[/quote]

[quote]And can #4 be written like this, using a wildcard character:

<Files .ht*>
Order allow, deny
Satisfy all
[/quote]
Yes.

[quote]# 1 deny access to files with names ending in ‘.txt’
<Files ~".txt$">

and…

3 deny access to files if visitor is banned

<Files ~".$">[/quote]
A space might be required between the tilde and the expression. #1 is correct, but #3 is not a valid regular expression. (The wildcard character is the period; an asterisk means ‘zero or more’:

<Files ~ “.*”>

:cool: Perl / MySQL / HTML CSS


#5

Thank you, Atropos, for explaining in plain English the difference between redirect and rewrite. Many thanks also, for correcting my coding mistakes.

That does not seem to be the case for server ‘tak’; I did a test just now and found that without those directives, my .htaccess file was viewable by all. :frowning:

  • marsbar

#6

All of our configs should have:
<Files ~ “^.ht”>
Order allow,deny
Deny from all


#7

That is good to know, Will. But how come when I leave out those directives, my .htaccess becomes viewable by all. (!?!)

  • marsbar