TeamRocket
Guest
.htaccess - a great resource for any webmaster - here is what you can do:
Custom Error Documents
In order to specify your own ErrorDocuments, you need to be slightly familiar with the server returned error codes. (List below). You do not need to specify error pages for all of these, in fact you shouldn't. An ErrorDocument for code 200 would cause an infinite loop, whenever a page was found...this would not be good.
You will probably want to create an error document for codes 404 and 500, at the least 404 since this would give you a chance to handle requests for pages not found. 500 would help you out with internal server errors in any scripts you have running. You may also want to consider ErrorDocuments for 401 - Authorization Required (as in when somebody tries to enter a protected area of your site without the proper credentials), 403 - Forbidden (as in when a file with permissions not allowing it to be accessed by the user is requested) and 400 - Bad Request, which is one of those generic kinds of errors that people get to by doing some weird stuff with your URL or scripts.
In order to specify your own customized error documents, you simply need to add the following command, on one line, within your htaccess file:
ErrorDocument code /directory/filename.ext
or
ErrorDocument 404 /errors/notfound.html
This would cause any error code resulting in 404 to be forwarded to yoursite.com/errors/notfound.html
Likewise with:
ErrorDocument 500 /errors/internalerror.html
You can name the pages anything you want (I'd recommend something that would prevent you from forgetting what the page is being used for), and you can place the error pages anywhere you want within your site, so long as they are web-accessible (through a URL). The initial slash in the directory location represents the root directory of your site, that being where your default page for your first-level domain is located. I typically prefer to keep them in a separate directory for maintenance purposes and in order to better control spiders indexing them through a ROBOTS.TXT file, but it is entirely up to you.
If you were to use an error document handler for each of the error codes I mentioned, the htaccess file would look like the following (note each command is on its own line):
ErrorDocument 400 /errors/badrequest.html
ErrorDocument 401 /errors/authreqd.html
ErrorDocument 403 /errors/forbid.html
ErrorDocument 404 /errors/notfound.html
ErrorDocument 500 /errors/serverr.html
You can specify a full URL rather than a virtual URL in the ErrorDocument string (https://yoursite.com/errors/notfound.html vs. /errors/notfound.html). But this is not the preferred method by the server's happiness standards.
You can also specify HTML, believe it or not!
ErrorDocument 401 "<body bgcolor=#ffffff><h1>You have to actually <b>BE</b> a <a href="#">member</A> to view this page, Colonel!
The only time I use that HTML option is if I am feeling particularly saucy, since you can have so much more control over the error pages when used in conjunction with xSSI or CGI or both. Also note that the ErrorDocument starts with a " just before the HTML starts, but does not end with one...it shouldn't end with one and if you do use that option, keep it that way. And again, that should all be on one line, no naughty word wrapping!
Now you should have yourself some brand-spanking new error documents...go off and destroy your site to see some of those beautiful ErrorDocuments get pulled up.
Error Codes:
Successful Client Requests
200 OK
201 Created
202 Accepted
203 Non-Authoritative Information
204 No Content
205 Reset Content
206 Partial Content

Client Request Redirected
300 Multiple Choices
301 Moved Permanently
302 Moved Temporarily
303 See Other
304 Not Modified
305 Use Proxy

Client Request Errors
400 Bad Request
401 Authorization Required
402 Payment Required (not used yet)
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable (encoding)
407 Proxy Authentication Required
408 Request Timed Out
409 Conflicting Request
410 Gone
411 Content Length Required
412 Precondition Failed
413 Request Entity Too Long
414 Request URI Too Long
415 Unsupported Media Type

Server Errors
500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
505 HTTP Version Not Supported
Preventing hot linking of images
In the webmaster community, "hot linking" is a curse phrase. Also known as "bandwidth stealing" by the angry site owner, it refers to linking directly to non-html objects not on one's own server, such as images, .js files etc. The victim's server in this case is robbed of bandwidth (and in turn money) as the violator enjoys showing content without having to pay for its delivery. The most common practice of hot linking pertains to another site's images.
Using .htaccess, you can disallow hot linking on your server, so those attempting to link to an image on your site, for example, are shown either the door (a broken image), or the lion's mouth (another image of your choice, such as a "Barbra Streisand" picture- no emails please). There is just one small catch- unlike the rest of the .htaccess functionalities we saw earlier, disabling hot linking also requires that your server supports mod_rewrite. Ask your web host about this.
With all the pieces in place, here's how to disable hot linking of images on your site. Simply add the below code to your .htaccess file, and upload the file either to your root directory, or a particular subdirectory to localize the effect to just one section of your site:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(www\.)?mydomain\.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]
Be sure to replace "mydomain.com" with your own. The above code causes a broken image to be displayed when it's hot linked.
If you're feeling bitter, you can set things up so an alternate image is displayed in place of the hot linked one. The code for this is:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(www\.)?mydomain\.com/.*$ [NC]
# Do not rewrite the replacement image itself, or the redirect loops
RewriteCond %{REQUEST_URI} !/nasty\.gif$
RewriteRule \.(gif|jpg)$ https://www.mydomain.com/nasty.gif [R,L]
Same deal- replace mydomain.com with your own, plus nasty.gif.
I didn't write this - found it on www.javascriptkit.com
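To check which requests the hot-linking rule set above actually accepts, here is a small Python model of its two RewriteCond lines and the RewriteRule pattern (an added example, not part of the original post or the tutorial it quotes). The sample requests are constructed, `decide` and `run_samples` are hypothetical helper names, and the host pattern is written with its dot escaped.

```python
import re

# Patterns taken from the rule set; "mydomain.com" is the post's placeholder.
# The [NC] flag on the second RewriteCond maps to re.IGNORECASE.
EMPTY_REFERER = re.compile(r"^$")
OWN_SITE = re.compile(r"^https://(www\.)?mydomain\.com/.*$", re.IGNORECASE)
# The RewriteRule pattern carries no [NC], so it stays case-sensitive.
PROTECTED = re.compile(r"\.(gif|jpg)$")


def decide(path, referer):
    """Return 403 where the rule set would answer with [F], otherwise 200."""
    # Apache tests the RewriteRule pattern first, then the conditions.
    if not PROTECTED.search(path):
        return 200
    # Both RewriteCond lines are negated ("!") and ANDed together.
    if not EMPTY_REFERER.search(referer) and not OWN_SITE.search(referer):
        return 403
    return 200


# Constructed sample requests: (requested path, Referer header value).
SAMPLES = [
    ("/img/logo.gif", "https://www.mydomain.com/index.html"),  # own page
    ("/img/logo.gif", "https://MyDomain.com/"),                # own page, mixed case
    ("/img/logo.gif", ""),                                     # no Referer sent
    ("/img/logo.gif", "https://other.example/page.html"),      # foreign page
    ("/img/logo.gif", "https://mydomain.com.other.example/"),  # look-alike host
    ("/img/logo.gif", "http://www.mydomain.com/index.html"),   # own page over http
    ("/img/logo.GIF", "https://other.example/page.html"),      # upper-case extension
    ("/index.html", "https://other.example/page.html"),        # not an image
]


def run_samples():
    """Evaluate every constructed sample and return the list of statuses."""
    return [decide(path, referer) for path, referer in SAMPLES]


if __name__ == "__main__":
    for (path, referer), status in zip(SAMPLES, run_samples()):
        print(f"{status}  {path:<14} Referer={referer!r}")
```

The run shows two things to adjust when deploying the rule: your own pages served over plain http are refused, and files with an upper-case extension are not covered unless the RewriteRule also gets [NC]. The Referer header is set by the client, so the rule limits bandwidth use rather than controlling access.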