Tips, News and Comments on HTML Guard


Posts Tagged ‘.htaccess’

February 24th, 2010, by Andreas

Using .htaccess to Mask watermark.php Calls

In a previous article, I demonstrated how one could use PHP to dynamically add watermarks to images. Implementing the solution I presented in that article required you to change your image links to something like this:

<img src="watermark.php?image=sample1.jpg&watermark=watermark.png" />

In this article, I will show you how you can easily watermark all images in a certain directory without changing your links to point to a .php file.

Solution Details

Let’s say the images you want to watermark are kept in a sub directory called “gallery” right below your domain folder. At this point, you will have to upload the watermarking script (watermark.php) and the watermark image (watermark.png) to that exact folder and create an .htaccess file containing the following two lines of code:

RewriteEngine on
RewriteRule ^(.*\.(gif|jp?g|png))$ /gallery/watermark.php?image=$1&watermark=watermark.png [NC]

By using the RewriteRule directory, you are telling the web server that image requests shall be processed by the “watermark.php” script file, as opposed to serving the images directly to the browser. The “watermark.php” script then places the “watermark.png” as a watermark on the requested image. After completing the .htaccess file, it must be uploaded (in ASCII mode) to the “gallery” directory.

Download Sample Files

If you wish to play around a bit with my sample code, I have created a zip file that contains all the necessary files for you to do so.

Tags: , ,
Posted in Code Examples

November 23rd, 2009, by Andreas

Password-Protection with .htaccess

When surfing the web, you may have come across web pages that prompt you to provide a username and password with a dialog box like the one below:

.htaccess Password Protection

Implementing this kind of password protection is actually fairly easy and requires only a few steps:

  1. Create a text file (usually named “.htpasswd”) which stores the allowed usernames and passwords.
  2. Insert a few lines of code to an “.htaccess” file (which I introduced in my last article).

.htpasswd File

A typical “.htpasswd” file looks like this:

john:hjEnaBHSVih/2
jane:nwFprWeMvftDc

Each line in the file contains a username and an encrypted password separated by a colon. To create your own password entries, you can use this simple .htpasswd generator.

The .htpasswd file should be uploaded to a directory that is not accessible to web surfers (such as the protected directory or the directory above your www root folder). When uploading the file, be sure to use ASCII mode (rather than binary mode).

.htaccess File

The .htaccess file should contain the following code:

AuthName "Restricted Directory"
AuthType Basic
AuthUserFile /user/home/www/directory/.htpasswd
AuthGroupFile /dev/null
require valid-user

Make sure that the path specified in the “AuthUserFile” directive points to the .htpasswd file on your web server. Upload the edited file into the directory you want to protect.

Tags:
Posted in Password Protection

November 7th, 2009, by Andreas

Introducing .htaccess

In this article, I will introduce you to .htaccess, a simple configuration file that lets you control many aspects of your web server. This article is intended to serve as a reference for upcoming posts that will explore how to use .htaccess for content protection.

What is an .htaccess File?

.htaccess IntroductionAn .htaccess file is a plain text file that allows you to make changes to the configuration of your web server. When placing the file in a particular directory, the configuration directives contained therein are applied to that directory and all its subdirectories.

Although .htaccess files can be used on many different web servers (most commonly Apache), your hosting company might restrict certain directives or block the use of .htaccess completely. If you are not certain whether configuration via .htaccess is available on your server, you should simply ask your web host.

Common Usages of .htaccess

There are a huge variety of things you are able to do with .htaccess, including:

  • Password protect folders
  • Redirect file requests to a new location
  • Ban users with certain IP addresses
  • Block downloads from foreign domains
  • Stop directory listings
  • Control how web pages are cached
  • Provide custom error pages

Creating Your own .htaccess File

All you need to create an .htaccess file is a simple text file editor. Just open Notepad, or any other editor, type the required code and save the file, calling it exactly “.htaccess” (without the quotation marks). If Notepad doesn’t let you save the file without adding the file extension “.txt”, make sure “All Files” is selected in the “Save as type” drop-down menu. If that still doesn’t work, you can click here to download a blank .htaccess file with which to start.

After your file is ready, you must upload it to your web server using an FTP program like FileZilla or WinSCP. Because the .htaccess file is read on every single request, the directives found in the file will take effect immediately and don’t require a server reset.

Conclusion

.htaccess files are a very useful tool in web design and server administration. In the following articles, I will provide you with detailed examples of how to make use of the manifold possibilities of the .htaccess file.

Tags:
Posted in Uncategorized