Custom Indexing

Groovy things to do with .htaccess..

So far we’ve only scratched the surface. Aside from authorisation, the humble .htaccess file can be put to all kinds of uses. If you’ve ever had a look in my public archives you will have noticed that that the directories are fully browsable, just like in the old days before adult web hosts realized how to turn that feature off! A line like this..

bring back the directories!

Options +Indexes +MultiViews +FollowSymlinks

..will almost certainly turn it back on again. And if you have mod_autoindex.c installed on your server (probably, yes), you can get nice fancy indexing, too..

show me those files!

<IfModule mod_autoindex.c>
IndexOptions FancyIndexing
</ifModule>

..which, as well as being neater, allows users to click the titles and, for instance, order the listing by date, or file size, or whatever. It’s all for free too, built-in to the server, we’re just switching it on. You can control certain parameters too..

let’s go all the way!

<IfModule mod_autoindex.c>
IndexOptions FancyIndexing IconHeight=16 IconWidth=16
</ifModule>

Other parameters you could add include..

NameWidth=30
DescriptionWidth=30
IconsAreLinks SuppressHTMLPreamble (handy!)

I’m not mentioning the “XHTML” parameter in Apache2, because it still isn’t! Anyways, I’ve chucked one of my old fancy indexing .htaccess file onsite for you to have some fun with. Just add readme.html and away you go! note: these days I use a single header files for all the indexes..

HeaderName /inc/header.html

.. and only drop in local “readme” files. Check out the example, and my public archives for more details.

custom directory index files

While I’m here, it’s worth mentioning that .htaccess is where you can specify which files you want to use as your indexes, that is, if a user requests /foo/, Apache will serve up /foo/index.html, or whatever file you specify.

You can also specify multiple files, and Apache will look for each in order, and present the first one it finds. It’s generally setup something like..

DirectoryIndex index.html index.php index.htm

It really is worth scouting around the Apache documentation, often you will find controls for things you imagined were uncontrollable, thereby creating new possibilities, better options for your website. My experience of the magic “LAMP” (Linux-Apache-MySQL-PHP) has been.. “If you can imagine that it can be done, it can be done”. Swap “Linux” for any decent operating system, the “AMP” part runs on most of them.

Okay, so now we have nice fancy directories, and some of them password protected, if you don’t watch out, you’re site will get popular, and that means bandwidth..

Save Hard Cash

Save bandwidth with .htaccess!

If you pay for your bandwidth, this wee line could save you hard cash..

save me hard cash! and help the internet!

<ifModule mod_php4.c>
php_value zlib.output_compression 16386
</ifModule>

All it does is enables PHP’s built-in transparent zlib compression. This will half your bandwidth usage in one stroke, more than that, in fact. Of course it only works with data being output by the PHP module, but if you design your pages with this in mind, you can use php echo statements, or better yet, php “includes” for your plain html output and just compress everything! Remember, if you run phpsuexec, you’ll need to put php directives in a local php.ini file, not .htaccess. See here for more details.

Hide and Deny Files

Do you remember I mentioned that any file beginning with .ht is invisible? ..”almost every web server in the world is configured to ignore them, by default” and that is, of course, because .ht_anything files generally have server directives and passwords and stuff in them, most servers will have something like this in their main configuration..

Standard setting..

<Files ~ “^\.ht”>
Order allow,deny
Deny from all
Satisfy All
</Files>

which instructs the server to deny access to any file beginning with .ht, effectively protecting our .htaccess and other files. The “.” at the start prevents them being displayed in an index, and the .ht prevents them being accessed. This version..

ignore what you want

<Files ~ “^.*\.([Ll][Oo][Gg])”>
Order allow,deny
Deny from all
Satisfy All
</Files>

tells the server to deny access to *.log files. You can insert multiple file types into each rule, separating them with a pipe “|”, and you can insert multiple blocks into your .htaccess file, too. I find it convenient to put all the files starting with a dot into one, and the files with denied extensions into another, something like this..

the whole lot

# deny all .htaccess, .DS_Store $hî†é and ._* (resource fork) files
<Files ~ “^\.([Hh][Tt]|[Dd][Ss]_[Ss]|[_])”>
Order allow,deny
Deny from all
Satisfy All
</Files>

# deny access to all .log and .comment files
<Files ~ “^.*\.([Ll][Oo][Gg]|[cC][oO][mM][mM][eE][nN][tT])”>
Order allow,deny
Deny from all
Satisfy All
</Files>

would cover all ._* resource fork files, .DS_Store files (which the Mac Finder creates all over the place) *.log files, *.comment files and of course, our .ht* files. You can add whatever file types you need to protect from direct access. I think it’s clear now why the file is called “.htaccess”.

FilesMatch

These days, using <FilesMatch> is preferred over <Files>, mainly because you can use regular expression in the conditions (very handy), produce clean, more readable code. Here’s an example. which I use for my php-generated style sheets..

parse file.css and file.style with the php machine..

# handler for phpsuexec..
<FilesMatch “\.(css|style)$”>
SetHandler application/x-httpd-php
</FilesMatch>

Any files with a *.css or *.style extension will now be handled by php, rather than simply served up by Apache. And because you can use regexp, you could do stuff like <FilesMatch "\.s?html$">, which is handy. Any <Files> statements you come across can be advantageously replaced by <FilesMatch> statements. Good to know.

PHP Directives

More stuff..

At the end of my .htaccess files, there always seems to be a section of “stuff”; miscellaneous commands, mainly php flags and switches; so it seems logical to finish up the page with a wee selection of those..

php flags, switches and other stuff..

# let’s enable php (non-cgi, aka. ‘module’) for EVERYTHING..’
AddType application/x-httpd-php5 .htm .html .php .blog .comment .inc

# better yet..
AddHandler php5-script .php

# legacy php4 version..’
AddType application/x-httpd-php .htm .html .php .blog .comment .inc

# don’t even think about setting this to ‘on’
php_value register_globals off

# no session id’s in the URL PULEEZE!
php_value session.use_trans_sid 0
# should be the same as..
php_flag session.use_trans_sid off
# using both should also work fine!

# php error logs..
php_flag display_errors off
php_flag log_errors on
php_value track_errors on
php_value error_log /home/cor/errors/phperr.log

# if you like to collect interesting php system shell access and web hack scripts
# get yourself a SECURE upload facility, and just let the script-kiddies come …
# in no time you will have a huge selection of fascinating code. If you want folk to
# also upload zips and stuff, you might want to increase the upload capacities..
php_value upload_max_filesize 12M
php_value post_max_size 12M

# php 5 only, afaik. handy when your server isn’t where YOU are.
php_value date.timezone Europe/Aberdeen
# actually, Europe/Aberdeen isn’t a valid php timezone, so that won’t work.
# I recommend you check the php manual for this function, because many crazy places ARE!

Note: For most of the flags I’ve tested, you can use on/off and true/false interchangeably, as well as 0/1, also php_value and php_flag can be switched around while things continue to work as expected! I guess, logically, booleans should always be php_flag, and values, php_value; but suffice to say, if some php erm, directive isn’t working, these would all be good things to fiddle with!

Of course, the php manual explains all. The bottom line is; both will work fine, but if you use the wrong type in .htaccess, say, set a php_flag using php_value, a php ini_get() command, for instance, would return true, even though you had set the value to off, because it reads off value as a string, which of course evaluates to not-zero, i.e. 1, or “true”. If you don’t rely on get_ini(), or similar, it’s not a problem, though clearly it’s better to get it right from the start. By the way; one of the values above is incorrectly set. Did you spot it?

Most php settings, you can override inside your actual scripts, but I do find it handy to be able to set defaults for a folder, or an entire site, using .htaccess.

over to you..

That should get you started with .htaccess, quite easy when you know how. If you really want to bend your brain out of shape, follow the link below for part two of the series, where I delve into the arcane mysteries of URL rewriting.

;o)
(or

coming soon

This is test post just to show the all catz…