http://z.askapache.com/htaccess-example2.html
########################################################################
# SECURITY / ACCESS CONTROL #
# If the web server's AllowOverride allows AUTHCONFIG to be overridden #
########################################################################
#
# Save both .htpasswd and .htgroup files in a directory above "documentroot" directory
# (e.g. not in or below /apache/htdocs) but could be below "serverroot" directory
# (e.g. below /apache).
# This will pop-up a user/password dialog box saying Realm =
AuthName "Restricted Area"
# AuthType is normally basic. Not very secure until "Digest" type becomes prevalent
AuthType basic
# If value of AuthUserFile doesn't begin with a slash, it is treated as
# relative to the ServerRoot (not DocumentRoot!)
AuthUserFile "/userhome/blahBlah/.htpasswd"
AuthGroupFile "/userhome/blahBlah/.htgroup"
# Each line of the user file contains a username followed by a colon, followed by the crypt()
# encrypted password. The behavior of multiple occurrences of the same user is undefined.
# You can generate a password file on your system by typing commands on the OS prompt as follows:
# htpasswd -c Filename username # Creates a password file 'Filename' with 'username'
# # as the first user. It will prompt for the new password.
# htpasswd Filename username2 # Adds or modifies in password file 'Filename' the 'username2'.
#
# Each line of the group file contains a groupname followed by a colon, followed by
# the member usernames separated by spaces. For example, put this on one line in the .htgroup file:
# mygroup: bob joe anne
# This set to off will forward a not-found userid to the next-in-line module for authentication.
# 'On' is the default It is better that way.
#AuthAuthoritative off
# Now, we allow specific users or groups to get in.
# require user joe john mary
require valid-user
require group family friends
# More Authentication related, rarely used
# AuthDBGroupFile
# AuthDBUserFile
# AuthDBAuthoritative
# AuthDBMGroupFile
# AuthDBMUserFile
# AuthDBMAuthoritative
# AuthDigestFile
# AuthDigestGroupFile
# AuthDigestQop
# AuthDigestNonceLifetime
# AuthDigestNonceFormat
# AuthDigestNcCheck
# AuthDigestAlgorithm
# AuthDigestDomain
# Using Digest Authentication
###############################################################################
# From here on, if something is not working as you might expect, try to make sure that
# the corresponding AllowOverride is enabled in , or sections
# of server configuarion files (generally httpd.conf, can be access.conf or srm.conf).
# Allowoverride could be:
# 1. AuthConfig (allows AuthName, AuthUserFile, require etc. in .htaccess file)
# 2. FileInfo (allows AddType, DefaultType, ErrorDocument etc. in .htaccess file)
# 3. Indexes (allows DirectoryIndex, FancyIndexing, IndexOptions etc. in .htaccess file)
# 4. Limit (allows use of allow, deny and order directives which control access by host)
# 5. Options (allows use of options directive in .htaccess file - see below)
# 6. All (allows all of the above in .htaccess file. Rare)
# 7. None (allows none of the above in .htaccess file. Rare)
# Usually, AuthConfig is allowed. Rest is up to the particular web host company.
#
# If you get server errors after putting this file in, try disabling
# each section below one-by-one to see what your web hosting company
# allows (or you can ask them :)
###############################################################################
################### THIS IS IMPORTANT! #####################
# AddHandler allows you to map certain file extensions to "handlers",
# actions unrelated to filetype. These can be either built into the server
# or added with the Action command (see below).
# If you want to use server side includes, or CGI outside
# ScriptAliased directories, uncomment the following lines.
# To use CGI scripts:
AddHandler cgi-script cgi pl
# To use server-parsed HTML files
AddType text/html .shtml
AddHandler server-parsed .shtml
# Example of a file whose contents are sent as is so as to tell the client that a file has redirected.
# Status: 301 Now where did I leave that URL
# Location: http://xyz.abc.com/foo/bar.html
# Content-type: text/html
#
#
#
#
# Server always adds a Date: and Server: header to the data returned to the client,
# so don't include these in the file.
#AddHandler send-as-is asis
# If you wish to use server-parsed imagemap files, use
AddHandler imap-file map
# For content negotiation use
#AddHandler type-map var
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action action-type cgi-script
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#Action cgi-script /cgi-bin/default.cgi
# Redirect [status] ABSOLUTE-path-of-old-url new-url. Default status is temp.
# Status is one of permanent (returns 301), temp (returns 302),
# seeother (returns 303, see other document in same place),
# gone (returns 410, no longer available at all) - Don't specify new-URL
# Here, if the client requests http://myserver/service/foo.txt, it will be told
# to access http://foo2.bar.com/service/foo.txt instead.
#Redirect /service http://foo2.bar.com/service
######################################################################
# If the web server's AllowOverride allows FILEINFO to be overridden #
######################################################################
# CookieTracking, AddType, DefaultType, AddHandler, Action, ErrorDocument
# Redirect, Redirectmatch, RedirectPermanent, RedirectTemp
# AddEncoding, AddCharset, AddLanguage, LanguagePriority, DefaultLanguage
#### Comment it out if UserTrack module is not loaded in the server
#CookieName "woiqatty"
#CookieTracking on
# Tweak mime.types without actually editing it, or make certain files to be certain types.
#AddType application/x-httpd-php3 .phtml
AddType application/x-httpd-php3 .php
AddType application/x-httpd-php3 .php3
AddType application/x-httpd-php3-source .phps
AddType application/x-tar .tgz
# In this directory, default filetype is this one if Server cannot
# otherwise determine from filename extensions.
# Mostly text or HTML - "text/plain", gif images - "image/gif",
# compiled porgrams - "application/octet-stream"
DefaultType text/plain
# DefaultType image/gif
# DefaultType application/octet-stream
# Customizable error response. Three styles:
# 1. Plain Text - the (") marks it as text, it does not get output
#ErrorDocument 500 "The server made a boo boo.
# 2. Local Redirects - e.g. To redirect to local URL /missing.html
#ErrorDocument 404 /missing.html
#ErrorDocument 404 /cgi-bin/missing_handler.pl
# 3. External Redirects (All env. variables don't go to the redirected location)
#ErrorDocument 402 http://some.other_server.com/subscription_info.html
# Mosaic/X 2.1+ browsers can uncompress information on the fly
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
#Content negotiation directives
#AddLanguage fr .fr
# Just list the languages in decreasing order of preference.
LanguagePriority en fr it
.htaccess examples