Control of access that used ".htaccess" file

I want to often do the access limitation of the concealment of the list of the directory by putting a special file named htaccess on the server or prohibiting the direct link to the file or the attestation by ID and the password. It explains the control of access in this page.

Feature of ".htaccess" file

The ".htaccess" file is a configuration file that controls the movement of the server, and each user is a special text file that can be set in each directory. There is no file name and the file only of the extension. It is necessary to up-load it by the FTP by the text mode for the text file.

The ".htaccess" file influences the directory set up and the entire subdirectory under that.

According to the server The ".htaccess" file cannot be set up. It is not possible to put it in free homepage space a lot.

Method of not showing list of content of directory by using ".htaccess"

The list of the content of the directory might be displayed when there is no index file according to the server. When it is unpalatable if seen, concealing it is better. However, the dummy It can be solved to write index.html or index.htm in all directories by .htaccess when it is troublesome. To stop displaying the list, it writes in .htaccess file as follows.

Options -Indexes

When showing it to opposite, as follows.

Options +Indexes

Control of access that used ".htaccess" (direct link prohibition)

Same one of the control of access (A direct link prohibition and a direct link are prohibited) to the HTML file as the troubled writing measures of the bulletin board is effective.

However, this method cannot be used for the picture file etc.However, it is possible in .htaccess file. .It is possible to apply to all of the file below the directory where the htaccess file is put.

SetEnvIf Referer "^http://www\.****\.net" ok
SetEnvIf Referer "^$" ok
order deny,allow
deny from all
allow from env=ok

If environment variable Referer was "http.//www.****.net" in the first line, the variable named ok is set. It displays it when the reference origin is concealed, accessed when Norton Internet Security etc. are used by the second line, and the address will be stricken soon and there is no Referer. The order of the refusal and permission is specified by the third line, everything is refused by the fourth line, and only ok is permitted by the fifth line.

Only when the image folder becomes another, this method can be used. When the HTML file exists together to the picture file, as follows is done.

<Files ~ "\.(gif|png|jpg)$">
SetEnvIf Referer "^http://www\.****\.net" ok
SetEnvIf Referer "^$" ok
order deny,allow
deny from all
allow from env=ok

The kind of the picture file is specified by the first line. If this file type is changed, moderate operation is done.

BASIC attestation (Control of access in ID and the password)

The Basic attestation is a mechanism to which the file below the directory is inaccessible as long as neither ID nor the password are correctly input. This also. It is possible to achieve it by htaccess.

The ".htaccess" file is put like "/abc/.htaccess" and the content of the file is described as follows when applying to the directory below "/abc" as an example.

require valid-user
AuthName "Please enter user name and password"
Authtype Basic
AuthUserFile /****/*****/abc/.htpasswd

The "/****/*****/abc/.htpasswd" specifies the full path to ".htpasswd". Please inquire of the manager of the server when you do not understand passing this document route.

As an example. The content of the text file of ".htpasswd" does as follows.


This ID="abcdef" Password="123456" It is an example for assumption. The encrypted program is how much if it retrieves it by "ID password encryption BASIC attestation" on the Internet.

It is possible to correspond if this number of lines are increased when there is combination of ID and the password a lot.