Flexible configurations using the .htaccess file

The .htaccess file is a distributed configuration file for Apache that provides a way for you to make changes on a per-directory basis. When placed in a specific directory, the changes dictated by the file only apply to that directory and its sub-directories, enabling the users and not the administrators to configure the behavior of Apache if allowed.

This is especially useful in a shared hosting environment where the average user doesn’t have access to the actual configuration files. If you have access to the configuration files, any change made in the .htaccess file can be made in the main configuration files which is preferable as it provides better performance.

The main configuration file of Apache is the ultimate arbitrator of what is allowable and not allowable for the .htaccess file to control and it will also yield to each directory higher than itself. If you wish for the .htaccess file to be able to change almost anything you use the directive “AllowOverride All” in the Apache configuration. You can also only grant specific rights like “AuthConfig” to allow the user to password protect specific areas.

One of the most basic features most people look for is the ability to provide password authentication to a particular directory and doing this is relatively easy. Change directory to the web accessible directory you want access to and then create an .htaccess file with the following information in it.

AuthType Basic
AuthName "Protected Location, Credentials Please?"
AuthUserFile /var/www/domain.tld/htdocs/protected/.htpasswd
Require user valid-user

Then execute the following command:

htpasswd -c /var/www/domain.tld/htdocs/protected/.htpasswd testuser

At this point it will request you type the password for the user and will create an entry in the .htpasswd file. You only need to use the -c flag when you’re doing the initial creation of the file, after the first time you can simply specify the file name and user to add to it.

If you attempt to access your site now you will be prompted to enter a user name and password, enter the user name and password you created in the previous step and it will allow you access and will not request user name and password again this session unless you clear the session cache.

Having authentication on the fly is useful but there are even more useful variations of this that can be used to provide easy access from known locations and password protected access from unknown locations. For example we’ll start with our previous example and add the ability for anyone on the local lan to access it without a password:

AuthType Basic
AuthName "Protected Location, Credentials Please?"
AuthUserFile /var/www/domain.tld/htdocs/protected/.htpasswd
Require user valid-user
Order deny,allow
Deny from all
Allow from 192.168.
Satisfy any

Now anyone attempting to access the protected content will have to meet one of two criteria– either A) Be on the 192.168.0.0/16 subnet or B) Know the correct user name and password.

The .htaccess file however is not limited to just authentication changes you can also rewrite urls and redirect traffic if you wish:

Redirect 301 /old http://www.domain.tld/new

What this code says is redirect permanently (301) requests to /old to http://www.domain.tld/new. This is often useful if changed the management software on the website or made significant changes to the layout. That being said you rarely end up being able to use something as simple as that because frequently you use query strings in the requests (something following the base URL like: ?app=4&site=domain.tld&ref=9) to redirect those is a bit more complex:

RewriteEngine on
RewriteBase /
RewriteCond %{QUERY_STRING}    ^article=0001$
RewriteRule ^main.php$ /article1 [R=301,L]

What this says is redirect any query to http://www.domain.tld/main.php?article=0001 to http://www.domain.tld/article1 and it’s fairly easy to extend that to including part of the rewrite string in the resulting URL allowing you to redirect uniform urls en-mass to the correct location.

I’ll share one more tidbit regarding the .htaccess file, you can also use it to prevent people from hot-linking to your images and stealing your bandwidth.

This doesn’t always work due to needing to make exceptions for browsers that strip out the referer (the misspelling is intentional, it was misspelled in the RFC and has remained the same since.) The code to do this is pretty easy:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?domain\.tld/ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]

What this rule says is for any request that doesn’t originate from my domain return a forbidden response. You could further modify this to rewrite the url they are requesting and display the image of your choice. You could also allow blank referrers to access the site resources or deny any specific site you don’t want hot-linking your site specifically (for instance, facebook or a competitor’s site).

The flexibility the .htaccess file offers is massive and will allow you to write better sites and optimize your existing sites to better utilize your incoming links after a reorganization. The sky’s the limit and with a bit of care and work you can create just about any rule set you can imagine.

Linux Mint 8 Review

You may have heard about Linux Mint recently in the news and how much more smooth and easy to use it is than Ubuntu, I decided to give it a spin on one of my computers to see if it really lived up to the hype. I had used Mint 6 (Felicia) a while back and while I noted it had some improvements above and beyond Ubuntu I wasn’t truly impressed.

I downloaded the newest version of Mint (version 8, Helena) and installed it on one of my older computers with a serviceable monitor, the setup was decidedly easy and it defaulted to the ext4 file system which offers many performance enhancements over ext2/3. The only thing of note was the decided lack of the ability setup to support RAID by default which is unchanged from previous versions of Mint I had used. In contrast it did offer a method to encrypt the /home file system, however I declined this option because without full file system encryption it adds minimal real security to the system and unnecessary complications.

The install was short and simple, even in comparison to Ubuntu. It detected the on-board sound, video (although after install I did additionally have to tell it to install the proprietary drivers for the nvidia card and reboot, it was working well on the desktop with the defaults), keyboard, mouse, and monitor and setup reasonable defaults for them; however what impressed me the most was it detected and installed drivers for my Canon Ink-jet Printer which is something I’ve had to configure on every other system I’ve used it on. I think my most serious complaint with the installation procedure is that they didn’t provide any way to setup a RAID which I feel even in many users workstations is critical to data security.

The experience using the desktop was very good, even in comparison to modern versions Ubuntu and Fedora. It is quite obvious that the Mint team have put serious time and thought into it being user friendly and polished in both form and function. Another notable difference between Mint and its parent distribution Ubuntu is Mint looks a bit more refined and polished with its default installation and application choices. The application menu is probably the best designed and laid out default menu I’ve ever experienced and even my 4 year old had no trouble understanding how to find things on the menu after a few minutes (the games of course, which I installed his favorites, aren’t installed by default; which is a good thing for someone considering using this as their desktop workstation) The only complaint with the menu is that it’s large, which is good for many people, but it takes up about a third of the screen when it’s open (to be fair the monitor on this machine is fairly old and the resolution isn’t as large as a new monitor would be since it’s not in wide-screen format.) The installation of packages through the software manager is also more refined and offers a bit more direction to a user unfamiliar with what application they should choose for a specific task than the interface used in Ubuntu and Synaptic. It provides ratings and reviews and views which a new user unsure of the name of a specific task will find invaluable in finding the right application to install. Again the polish of the distribution is quite impressive.

It also becomes quickly apparent there is a lot of thought and review in the choices they provide for the default applications… for example they install Pidgin instead of Empathy, while Empathy is somewhat cleaner it lacks many features that a heavy user of instant messengers will want, like the ability to block contacts and use encrypted connections (like off-the-record.) I didn’t have to mess around with a lot of codecs to get my test videos to play and the video sites I visited on the web worked flawlessly without any modifications. Firefox is not only the default but it also has most of the common plug-ins you need for web browsing installed… Which brings me to my biggest complaint about Mint, they may have gone a bit far with branding. The green is done in a nice way even though I’m not tremendously fond of it as a color in general I liked how they brought it all together, I can handle the default wallpaper (or change it easily) with a Mint logo on it (it’s very simple and benign), but they got Mint in my Firefox, a whole lot of Mint in my Firefox, the default page (which I’m fine with), half a dozen links in the toolbar visible in the browser, an rss feed visible in the browser, a search enhancer for Google, etc. It was just too much, branding is a requirement, but over branding can distract from the goals of what you want to accomplish and I feel that’s the case specifically with Firefox in Mint and somewhat overall with Mint in general after having used it for a couple days… that being said, it wouldn’t take more than 15 minutes to customize and remove most of the branding that you dislike.

In conclusion, I think Mint 8 is a spectacular desktop distribution of Linux that does a better job of hardware detection than I’ve experienced in even Ubuntu and offers a level of user-friendliness unrivaled by any other distribution. Their choices for application defaults, plug-ins, and codecs along with the ease of installing new applications that the user will find useful makes life easier on new users than just about any other distribution they could potentially use. I highly recommend Mint as a desktop for new and experience users of Linux alike, however I wouldn’t recommend it for a server as that is obviously not the task it is designed for. I look forward to seeing what the next release of Mint offers as it has grown tremendously since the first time I tried it and I feel I can recommend it to newcomers wholeheartedly.