Tag: htaccess

Redirect within a javascript file

There often comes a time when you are working on a large project and find a need to refactor javascript resources. Unfortunately, if those assets are accessed by 3rd parties or other code you cannot easily update, you might find yourself stuck.

If you have access to the Tier1 (HTTP server such as ApacheHTTPd) you can often do this within the httpd.conf, or an .htaccess file update. If not, you can always do a simple function within the old javascript file itself, such as the one below.

Put this in the old javascript file location, it is in a closure to prevent the variables from “leaking” into the global namespace.


/* MOVED */
(function(){
"use strict";
var u='/js/newfile.js';
var t=document.createElement('script');t.type='text/javascript';t.src=u;
var s=document.getElementsByTagName('script')[0];s.parentNode.insertBefore(t,s);
})();

Blocking access to files by extension in Apache

Usually, you might have a simple rule to prevent users from accessing sensitive files such as “.htaccess“, that rule might look like:

<FilesMatch "^\.ht">
Order deny,allow
Deny from all
Satisfy all
</FilesMatch>

You can also use this capability to prevent other file extensions. For example, if you wanted to block common image formats extensions, you might add the following:

<FilesMatch "\.(gif|png|jpg|ico)$">
Order allow,deny
Deny from all
Satisfy all
</FilesMatch>

Some other file extensions to consider, *.bak, *.old, *.inc

REFERENCES:

Enabling .htaccess in Apache 2.x

There may come a time when you want to change server behaviors for a specific path on your web server. Often times this becomes necessary if you host web sites that the customer wants to manage externally.

There are only a few small changes required:

  1. In your httpd.conf file…
    # use .htaccess files for overriding,
    AccessFileName .htaccess
    # and never show any file starting with .ht
    <files ~ "^\.ht">
    Order allow,deny
    Deny from all
    </files>
  2. The for the paths (or virtual hosts, you’ll need to add this line):
    AllowOverride All
  3. Add the appropriate .htaccess files where needed.

DISCLAIMER: This technique CAN result in performance improvements, but should be put in your main server configuration file (httpd.conf), rather than in .htaccess files. .These files, by their very nature, cause performance degradation on your website, and so should be avoided whenever possible as they require an increase in file I/O (reads) on the server.

REFERENCES:

Enable .htaccess on Apache HTTPD Server

Occasionally, there becomes a need to expose the use of the .htaccess file to the domains hosted on your Apache server. This technique is particularly useful when you host websites for external clients (or developers).

The steps to enable it are relatively easy,

  • Uncomment the ‘httpd.conf’ line that reads as:

    LoadModule rewrite_module modules/mod_rewrite.so

  • Review (and replace as appropriate) all cases of :

    AllowOverride None with AllowOverride All

    in the following files:
    httpd.conf, /extra/httpd-vhosts.conf, /extra/httpd-autoindex.conf and any related files you may be using.

  • Add the .htaccess file into the appropriate websites/folders
  • Restart the server to accept the changes

NOTE: If you develop or host on Windows, you’ll likely have problems creating the file because there is no filename, just a file extension. You can create (or download) it from any non-Windows host and use it without additional changes. Apache does let you use a different filename, but you also need to be careful to update related security configuration that is used to prevent download of such files.

Happy hosting!