Apache Server Sides Includes and .htaccess Notes

  1. How to get rid of referral spam with the .htaccess file.

    Place the following in your top level .htaccess file and all requests from urls containing the terms in the list will be sent to your 403 page.

    RewriteEngine On
    RewriteBase /
    SetEnvIfNoCase Referer ".*(lenarcic|casino|more-poker|medportal).*" BadReferrer
    order deny,allow
    deny from env=BadReferrer
    
  2. Redirect all of one extension to another extension

    All requests to file1.txt are redirected to file1.shtml.

    RewriteEngine On
    RewriteBase   /myDirectory
    RewriteRule  ^(.*).txt$ $1.shtml [R=301]
    
  3. Redirect all request using HTTP to HTTPS.
    # Redirect all insecure requests
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://www.fincher.org/$1 [R=301,L]
    
  4. Redirects with spaces

    I had an external web site link to one of my pages, but a space was accidentally appended to the link, eg., "<a href="http://www.fincher.org/Misc/Pennies/ ">Pennies</a>". My error.log file was filling up with 404 errors. The easy solution was to do an apache redirect, but it was a little tricky because of the space. I tried putting in the "%20" at the end, but apache liked simple double quotes to define the trailing space.

    Redirect "/Misc/Pennies/ " http://www.fincher.org/Misc/Pennies
    
  5. Direct proxies to cache images

    Put this code in ".htaccess"

    ### activate mod_expires
    ExpiresActive On
    ### Expire .gif's 1 month from when they're accessed
    #ExpiresByType text/html "access plus 30 days"
    ExpiresByType image/gif "access plus 30 days"
    ExpiresByType image/jpg "access plus 30 days"
    ExpiresByType image/jpeg "access plus 30 days"
    
  6. How to define a custom error page

    Put this code in ".htaccess"

    ErrorDocument 403 /errors/403.html
    ErrorDocument 404 /errors/404.html
    
  7. Simple include:

    Apache, the most popular web server, allows for "server side" includes. These include one file into another. This is ideal for having a consistent menu bar across files and a standard footer. To use server side includes your file must have the extension ".shtml".

    <!--#include file="title.html" -->
    

    For more details visit http://apache.org/docs/mod/mod_include.html

  8. To include a file from another directory, the "virtual" keyword is used.
    <!--#include virtual="../title.html" -->
    
  9. To execute a script, use the cmd command:
         Last Modified: <!--#exec cmd="date"-->
    
    The result looks like: Last Modified:
  10. To execute a cgi script, use the include virtual command:
    <!--#include virtual="../../cgi-bin/Navigation.pl?Operation=WriteHeadings&MajorSection=$MajorSection/$MinorSection" -->
    

    Where Navigation.pl uses the stone age cgi-lib.pl and looks like,
    #!/usr/bin/perl
    MAIN:
    {
         require "./cgi-lib.pl" || die "Cannot find cgi-lib.pl: $!";
         local(*in,$message,$command);
         &ReadParse(*in);
         print &PrintHeader;
      $Operation = $in{Operation};
      $MajorSection = $in{MajorSection};
      $MinorSection =  $in{MinorSection};
      ...
    
  11. Execute a Ruby Script on Dreamhost

    The interesting thing is to rename the file from a ".rb" extension to a ".cgi" extension

    <!--#include virtual="/cgi-bin/hello.cgi"-->
    

    The file "hello.cgi" would look something like this to insert the word "hello..." into the page.

    #!/usr/bin/ruby
    puts "Content-type: text/html\n\n"
    puts "hello..."
    
  12. Tips on password protection using Apache

    On the command line use the program "htpasswd" with the "-c" option to create a .htpasswd file the first time. After that do not use the "-c" option. Apache will recreate the file and erase all previous entries. Do not to put .htpasswd in a web-accessable directory where suspicious people could download it and run password programs against it.

    % htpasswd -c /big/dom/xsmith/.htpasswd family 
    % htpasswd /big/dom/xsmith/.htpasswd workfriends  
    

    In the directory to protect create a file named ".htaccess". Example of a directory named "vacation":

    AuthName "vacation"
    AuthType Basic
    AuthUserFile /big/dom/xsmith/.htpasswd
    
    require user family
    
  13. Example of conditionals
    <!--#set var="ShowAnswers" value="Yes" -->
    
    <!--#if expr="$ShowAnswers = Yes" -->
    <li> Changes in the system are hard to implement 
    <li> Risk management is difficult
    <li> Projects must be well defined at the beginning
    <li> Cost of fixing errors in requirements increases by 10X at each stage 
    <!--#else -->
         <li> ___________________________________
         <li> ___________________________________
         <li> ___________________________________
         <li> ___________________________________
    	  
    <!--#endif -->
    
  14. Using predefined variables.
    This document is located at www.fincher.org<!--#echo var="DOCUMENT_URI" -->
    

    which will produce:

    This document is located at www.fincher.org/tips/web/apache.shtml

  15. Getting the QUERY_STRING from the url:
    <!--#echo var="QUERY_STRING"-->
    
  16. "echo" options

    By default, echo will encode things like "<" and ">". To prevent encoding of the variable use the "encode='none'" attribute.

    <!--#set var="HeaderContents" value="<style type='text/css'> img { padding: 1em;} </style>" -->
    ...The following is probably in a different file...
    <!--#if expr="${HeaderContents}" -->
       <!--#echo encoding="none" var="HeaderContents" -->
    <!--#endif -->
    
  17. Directory Listings

    To prevent Apache from doing directory listings add the following which will redirect to your 404 page.

    Options -Indexes
    
This document is located at www.fincher.org/tips/web/apache.shtml