Error Documents
This seems to be what people think htaccess was meant for, but it is only part of the general use. We'll be getting into progressively more advanced stuff after this.
| Successful Client Requests | ||
| 200 | OK | |
| 201 | Created | |
| 202 | Accepted | |
| 203 | Non-Authorative Information | |
| 204 | No Content | |
| 205 | Reset Content | |
| 206 | Partial Content | |
| Client Request Redirected | ||
| 300 | Multiple Choices | |
| 301 | Moved Permanently | |
| 302 | Moved Temporarily | |
| 303 | See Other | |
| 304 | Not Modified | |
| 305 | Use Proxy | |
| Client Request Errors | ||
| 400 | Bad Request | |
| 401 | Authorization Required | |
| 402 | Payment Required (not used yet) | |
| 403 | Forbidden | |
| 404 | Not Found | |
| 405 | Method Not Allowed | |
| 406 | Not Acceptable (encoding) | |
| 407 | Proxy Authentication Required | |
| 408 | Request Timed Out | |
| 409 | Conflicting Request | |
| 410 | Gone | |
| 411 | Content Length Required | |
| 412 | Precondition Failed | |
| 413 | Request Entity Too Long | |
| 414 | Request URI Too Long | |
| 415 | Unsupported Media Type | |
| Server Errors | ||
| 500 | Internal Server Error | |
| 501 | Not Implemented | |
| 502 | Bad Gateway | |
| 503 | Service Unavailable | |
| 504 | Gateway Timeout | |
| 505 | HTTP Version Not Supported | |
You will probably want to create an error document for codes 404 and 500, at the least 404 since this would give you a chance to handle requests for pages not found. 500 would help you out with internal server errors in any scripts you have running. You may also want to consider ErrorDocuments for 401 - Authorization Required (as in when somebody tries to enter a protected area of your site without the proper credentials), 403 - Forbidden (as in when a file with permissions not allowing it to be accessed by the user is requested) and 400 - Bad Request, which is one of those generic kind of errors that people get to by doing some weird stuff with your URL or scripts.
In order to specify your own customized error documents, you simply need to add the following command, on one line, within your htaccess file:
ErrorDocument code /directory/filename.ext
or
ErrorDocument 404 /errors/notfound.html
This would cause any error code resulting in 404 to be forward to yoursite.com/errors/notfound.html
Likewise with:
ErrorDocument 500 /errors/internalerror.html
You can name the pages anything you want (I'd recommend something that would prevent you from forgetting what the page is being used for), and you can place the error pages anywhere you want within your site, so long as they are web-accessible (through a URL). The initial slash in the directory location represents the root directory of your site, that being where your default page for your first-level domain is located. I typically prefer to keep them in a separate directory for maintenance purposes and in order to better control spiders indexing them through a ROBOTS.TXT file, but it is entirely up to you.
If you were to use an error document handler for each of the error codes I mentioned, the htaccess file would look like the following (note each command is on its own line):
ErrorDocument 400 /errors/badrequest.html ErrorDocument 401 /errors/authreqd.html ErrorDocument 403 /errors/forbid.html ErrorDocument 404 /errors/notfound.html ErrorDocument 500 /errors/serverr.html
You can specify a full URL rather than a virtual URL in the ErrorDocument string (http://yoursite.com/errors/notfound.html vs. /errors/notfound.html). But this is not the preferred method by the server's happiness standards.
You can also specify HTML, believe it or not!
ErrorDocument 401 "<body bgcolor=#ffffff><h1>You have to actually <b>BE</b> a <a href="#">member</A> to view this page, Colonel!
The only time I use that HTML option is if I am feeling particularly saucy, since you can have so much more control over the error pages when used in conjunction with xSSI or CGI or both. Also note that the ErrorDocument starts with a " just before the HTML starts, but does not end with one...it shouldn't end with one and if you do use that option, keep it that way. And again, that should all be on one line, no naughty word wrapping!
Next, we are moving on to password protection, that last frontier before I dunk you into the true capabilities of htaccess. If you are familiar with setting up your own password protected directories via htaccess, you may feel like skipping ahead.
- Tutorial Introduction
- Error Documents
- Password protection
- Enabling SSI via htaccess
- Blocking users by IP
- Blocking users/ sites by referrer
- Blocking bad bots and site rippers (aka offline browsers)
- Change your default directory page
- Redirects
- Prevent viewing of htaccess
- Adding MIME types
- Preventing hot linking of your images and other file types
- Preventing directory listing
- Conclusion and more information
