Table of Contents
Htaccess → THE Ultimate Htaccess
From: https://www.askapache.com/htaccess/
Specifically, .htaccess is the default file name of a special configuration file that provides a number of directives (commands) for controlling and configuring the Apache Web Server, and also to control and configure modules that can be built into the Apache installation, or included at run-time like mod_rewrite (for htaccess rewrite), mod_alias (for htaccess redirects), and mod_ssl (for controlling SSL connections). Htaccess allows for decentralized management of Web Server configurations
For setting up https SSL access for a website Drupal in particular
What Can it Do
There is a huge range of things .htaccess can do including: password protecting folders, redirecting users automatically, custom error pages, changing your file extensions, banning users with certian IP addresses, only allowing users with certain IP addresses, stopping directory listings and using a different file as the index file.
allowoverride
htaccess Cheatsheet
Access control
http://httpd.apache.org/docs/2.3/upgrading.html
In 2.2, access control based on client hostname, IP address, and other characteristics of client requests was done using the directives Order, Allow, Deny, and Satisfy.
In 2.4, such access control is done in the same way as other authorization checks, using the new module mod_authz_host. The old access control idioms should be replaced by the new authentication mechanisms, although for compatibility with old configurations, the new module mod_access_compat is provided.
Order Directive
http://httpd.apache.org/docs/2.3/mod/mod_access_compat.html#order
Ordering is one of:
Allow,Deny First, all Allow directives are evaluated; at least one must match, or the request is rejected. Next, all Deny directives are evaluated. If any matches, the request is rejected. Last, any requests which do not match an Allow or a Deny directive are denied by default. Deny,Allow First, all Deny directives are evaluated; if any match, the request is denied unless it also matches an Allow directive. Any requests which do not match any Allow or Deny directives are permitted. Mutual-failure This order has the same effect as Order Allow,Deny and is deprecated in its favor.
.htaccess is most often used to restrict or deny access to individual files and folders. A typical example would be an “includes” folder. Your site's pages can call these included scripts all they like, but you don't want users accessing these files directly, over the web. In that case you would drop an .htaccess file in the includes folder with content something like this..
NO ENTRY!
# no one gets in here!
deny from all
Order the processing of the allow and deny directives
http://www.maxi-pedia.com/Order+allow+deny
order allow,deny
Satisfy Directive
http://httpd.apache.org/docs/2.3/mod/mod_access_compat.html#satisfy
deny from all Satisfy All
AddType x-mapp-php5 .php
# $Id$ # # This is used to restrict access to this folder to anything other # than images # Prevents any script files from being accessed from the images folder <FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$"> Order Deny,Allow Deny from all </FilesMatch>
.htaccess tips and tricks
http://corz.org/serv/tricks/htaccess.php
What are .htaccess files anyway? Simply put, they are invisible plain text files where one can store server directives. Server directives are anything you might put in an Apache config file (httpd.conf) or even a php.ini**, but unlike those “master” directive files, these .htaccess directives apply only to the folder in which the .htaccess file resides, and all the folders inside.