Linux Tutorial Web Site


Keith's Software and Tutorials Home Page
Knowledge Is Power
About htaccess and XBitHack




Sections on this page:


Companion pages:


How To Use Your CGI-BIN

Trying Sun Solaris For Intel x86

Automate Cisco Device Monitoring

CGI Scripts On Windows NT / IIS

Find Out About Bad Links To Your Websites

Windows PPTP Clients with Cisco VPN Routers

Setting Up a DMZ with Cisco Routers

Beginners Guide To Linux
(My new Web site!)



If you want to add a bookmark for future reference;   for Netscape press Ctrl-D,   for Internet Explorer click here




What is htaccess
Most hosting companies will host multiple domains on one server, and all the domains use the same Web server software installed on that server. This presents a problem. What if two Webmasters using the same server need different Web server configurations? Apache addressed this by using .htaccess files. (Other Web-server software packages have similar functionality. If your host isn't using Apache, you'll have to ask them how to implement local configurations.)

Apache, like any other software, has configuration files. Your host edits these "global" configuration files to serve as a default for all of the sites hosted on the server. The .htaccess file (pronounced "h t access") acts as a "local" configuration file so that individual Websites can customize the configuration to suit their needs.

The .htaccess file is an ordinary text file that you can create using Notepad or any text editor and ftp it into your Web root directory. This file will contain the configuration statements (commands) to customize the Apache Web server software for your Website.

Notice that the file name starts with a period. This is to indicate to the Linux/UNIX operating system that it is a "system file" that is used by a server application, not by a user of the system (such as an html file would be). However, with Windows, the period denotes a separator between a file's name and its' "extension". As a result, if you try and create a .htaccess file in Windows it won't have a name. To get around this, create a file called htaccess.txt, ftp that to the server, and then rename it to .htaccess once it's there.

Professional Error Page

Did you ever notice how some Websites display a nice fancy "Sorry" page instead of the generic, server-generated "404" error page when a non-existent page is requested? That's a very common use of a .htaccess file and it's very easy to do. You can see the custom 404 page I created for my About Debian site using this link:

http://www.aboutdebian.com/no-such-page


  1. Create an html page that you would like your visitors to see if they request a non-existent file, using all of the headers, graphics, etc. that your other pages have. Save this page with the name error.html (or any name you prefer).

  2. Use a text editor to create an htaccess.txt file and enter the following statement into it:

    ErrorDocument 404 http://www.mydomain.com/error.html

    replacing "mydomain" with your domain name and the correct page name if you didn't use "error.html" in Step 1 above. Then save the file.

  3. ftp both the error.html file and the htaccess.txt file (using ASCII mode) to your Web root directory (or whatever directory your index.html file is in). It is not necessary to CHMOD anything.

  4. Rename the htaccess.txt file to .htaccess

    Note:   After you rename the file it should appear at the top of the file list due to having a period as the first character in the file name. If you don't see it, check your ftp program settings to make sure you have it set to "show system files". (With WS_FTP it's the "Show full directory information" check-box under the "Advanced" tab in the Options window.) If, after setting this option, you still don't see the file, it's because the server is set not to show these files. It should still work though, provided your host supports the use of htaccess files.
  5. Try it out by entering the URL for a non-existent page on your Website.

One common cause of visitors encountering a 404 error when going to your site is when another site links to yours but misspells the page name or links to a page that you have removed. When such a case exists, it would be nice to know which site has the bad link so you can contact that site's Webmaster and ask that the link be corrected. Check out the Bad Referral Link page for instructions on how to set up a CGI script which will automatically e-mail you the URL of any Website that has a bad link to yours.


A Note About favicon.ico

When people using Explorer browsers add a page to their "favorites" (bookmark it), the browser looks in the Web root (where the home page is stored) of the server for a file called favicon.ico and tries to download it. This is an icon that is placed next to the page name in the "Favorites" drop-down menu of the browser. If there is no favicon.ico file, your error page or script might get called.

You should always place a favicon.ico file in the Web root of your Web site. For maximum compatibility with older browsers, it should be 16 by 16 pixels in size and have a maximum of 16 colors. There are numerous freeware and shareware icon editors available on the Web that you can use to create this icon. You cannot use a regular graphics editor because most don't support the .ico format. Make sure the icon editor you use will do 16x16x16 icons.

SSI Without .shtml

In order to understand what this use of htaccess can do for you, you have to understand what SSI directives are. (SSI directives are covered in the How To Use Your CGI-BIN page.) You can put an SSI directive tag in your Web page, but that doesn't mean the server will look for it. Looking through an html file for SSI directives is called "parsing", and by default a server doesn't parse every html file. It only parses pages that have a .shtml extension.

Dilemma:  
You want to start using SSI directives in your Web pages to call a script or display certain things on the pages. Your host requires that pages with SSI directives have a .shtml extension. However, over time all of your pages have been linked to and indexed by search engines using their current .html extensions. If you change the extensions to comply with your host, a lot of people will start getting 404 errors.
htaccess to the rescue! Certain htaccess statements allow you to tell the server to parse certain pages that don't have a .shtml extension.

If you created the htaccess.txt file above, simply add the statements given below to it and re-ftp/rename it. If you didn't, here are the steps:

  1. Use a text editor to create an htaccess.txt file and enter the following statements into it:

    AddType text/html .html
    AddHandler server-parsed .html

    replacing .html with .htm if that's what you are using for your pages.

  2. Save the file and ftp it (using ASCII mode) to your Web root directory (or whatever directory your index.html file is in).

  3. Rename the htaccess.txt file on the server to .htaccess

  4. Try it out by entering a URL for one of the pages that contains an SSI directive and see if it's working.
The above can be thought of as the "directory method" method for enabling SSI parsing because all files in the directory with the specified extension will be parsed, including files in any sub-directories. SSI parsing does have a small performance price due to all this parsing. If your site has a lot of traffic and a lot of pages that performance price could add up. What if you have a lot of traffic and a lot of pages but you only have a few files that you want parsed? Then you'd want to use XBitHack which is covered in the next section.

Not all hosts allow you to use a .htaccess file. They have to use an AllowOverride statement in one of the global configuration files. Ask your host, or a potential host, if they allow the use of .htaccess files. If so, also ask if they allow the use of XbitHack. If they so 'No' to the question of htaccess, pleading with them to enable it on your server may work, especially if you sound like you know what you're talking about (which this page will help you to do).

A .htaccess file is a very powerful tool. You can use it to set up password-protected directories, change the way Apache responds to certain events, etc. The flip side of that is that you can really hose things up or give unintended access to visitors if you're not careful. You may want to try out your attempts with .htaccess during low-traffic times on your Website so that any problems can be corrected without affecting too many visitors.

Note also that the very fact that this is a very powerful tool may be reason enough for some hosting services not to allow you to use it. A hosting service sets up multiple "virtual" Web servers so multiple domains can be hosting on a single system (each domain having it's own virtual Web server). They do this by adding statements (aka directives) to the main Apache configuration file (named httpd.conf). When they add these virtual server directives they must include the directive to enable htaccess functionality. If you try the above and it doesn't work, chances are good your host doesn't have the htaccess function enabled.

Top of page



What is XBitHack
XBitHack (pronounced "X bit hack") is simply one of those htaccess configuration statements mentioned above. If you're not willing to put up with the performance costs of the "directory method" for enabling parsing of non-.shtml pages covered above, think of XBitHack as a "file method". This is because you can specify on a file-by-file basis which non-.shtml files get parsed.

Using XBitHack for this "file method" has two steps:



If you created the htaccess.txt file above, simply add the statement given below to it and re-ftp/rename it to enable XBitHack. If your .htaccess file contains the AddType and AddHandler statements from above, REMOVE THEM. If you didn't create the file earlier, here are the steps to enabling XBitHack:

  1. Use a text editor to create an htaccess.txt file and enter the following statement into it:

    XBitHack on

  2. Save the file and ftp it (using ASCII mode) to your Web root directory (or whatever directory your index.html file is in).

  3. Rename the htaccess.txt file to .htaccess

  4. CHMOD the page files, and only the page files, that you want parsed (i.e. that will contain SSI directives) to 744 (instead of 644). This is what tells the server to parse the page.

  5. Try it out by entering a URL for one of the pages that contains an SSI directive and see if it's working.

    If it doesn't work, check your error log for a message like

    XBitHack not allowed here


It is possible that your host allows htaccess but not XBitHack. If you don't find the above error, you'll have to contact your host's technical support operation. However, by knowing what htaccess and XBitHack are, you can ask them intelligent questions regarding your problem. When they realize you know what you are talking about, they will be less likely to feed you a line of BS. Also, don't be surprised if the support person you speak to doesn't know what you are talking about. First-line technical support and sales people are usually entry-level jobs in an organization. If you get the sense they don't know what you are talking about, ask to speak to a more senior support person who does.

Top of page





Powered by Apache On Debian Linux


Contents, diagrams, and images    Copyright © 2004-2015    Keith Parkansky    All rights reserved.
"Bestdam Logger" and the BDL graphic logo are trademarks of Keith Parkansky.
Certain graphics, symbols, and terms used on this site and in its documents are registered trademarks
of their respective owners and are contained herein for identification purposes only.
No endorsement of this site, its contents, or its documents by these owners is expressed or implied.

LIABILITY
IN NO EVENT WILL KEITH PARKANSKY BE LIABLE TO ANY PARTY (i) FOR ANY DIRECT, INDIRECT, SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF PROGRAMS OR INFORMATION, AND THE LIKE), OR ANY OTHER DAMAGES ARISING IN ANY WAY OUT OF THE AVAILABILITY, USE, RELIANCE ON, OR INABILITY TO USE THE INFORMATION, METHODS, HTML OR COMPUTER CODE, OR "KNOWLEDGE" PROVIDED ON OR THROUGH THIS WEBSITE OR ANY OF ITS' ASSOCIATED DOCUMENTS, DIAGRAMS, IMAGES, REPRODUCTIONS, COMPUTER EXECUTED CODE, OR ELECTRONICALLY STORED OR TRANSMITTED FILES OR GENERATED COMMUNICATIONS OR DATA EVEN IF KEITH PARKANSKY SHALL HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, OR OTHERWISE; OR (ii) FOR ANY CLAIM ATTRIBUTABLE TO ERRORS, OMISSIONS, OR OTHER INACCURACIES IN, OR DESTRUCTIVE PROPERTIES OF ANY INFORMATION, METHODS, HTML OR COMPUTER CODE, OR "KNOWLEDGE" PROVIDED ON OR THROUGH THIS WEBSITE OR ANY OF ITS' ASSOCIATED DOCUMENTS, DIAGRAMS, IMAGES, REPRODUCTIONS, COMPUTER EXECUTED CODE, OR ELECTRONICALLY STORED, TRANSMITTED, OR GENERATED FILES, COMMUNICATIONS, OR DATA. USE OF THIS SITE CONSTITUTES ACCEPTANCE OF ALL STATED TERMS AND CONDITIONS.