How to disable mod_security on shared hosting via .htaccess

Question: I’m installing a new php cart and get the error :

Your webserver has the mod_security module enabled. As a result, you may see the “403 Forbidden” or “Not Acceptable” error messages after submitting forms that contain “curl”, “perl”, “set”, etc. It is recommended to disable this module or reconfigure it so that these words are not forbidden.*

How can I disable mod_security?

Answer:

To disable mod_security, add the following to a .htaccess file in the base directory for the script you are trying to install.


SecFilterEngine Off
SecFilterScanPOST Off

Hide index.html from URL in address bar

Question: I want users to my site to always go to the base URL http://site.com/ – I never want the index page to show. For example, I want http://site.com/index.html to redirect automatically to http://site.com without the index.html

Answer:

Create a .htaccess file (or add to your existing .htaccess) in the top level directory for your site and add the following line:


RewriteEngine on

RewriteRule ^index\.html$ / [R=301,L]

The line :


RewriteEngine on

may already be in your existing .htaccess. If so, do not duplicate it.

Increase php timeouts with .htaccess

If you are running mod_php you may experience problems with big uploads and imports (or other long running processes).

You can adjust php’s default timeouts using a .htaccess file.

Create a file called .htaccess and put the code:

# increase php time-out limits
php_value max_execution_time 1000
php_value max_input_time 1000

inside it. Put the .htaccess file into the top-most directory of your site. If you already have a .htaccess
file, add the code above to the end of it.

This should solve you problem in most cases.

If it does not, try to increase the times (1000). If the problem persists, open a support ticket and include the URL, click path and any needed usernames and passwords. We will duplicate the problem and attempt to adjust your php execution times to make your script work.

Note: if you are running php as a cgi, you’ll need to adjust your /etc/php.ini file. Adding directives to .htaccess files has no effect on installs using php-cgi.

Running a different php version for only part of my website

Update: for newer accounts use :

php-script

instead of

custom-php

You can also set the php version on a per-directory basis (for testing, development, etc.). To run a different php version on part of your site, perform the following.

Create a .htaccess file :

.htaccess

(the leading dot is required)

inside the top level directory for which you want to change the php version.

Inside the file put the lines:

AddHandler custom-php .php .pcgi .phtml .inc .phtml~ .php~ .inc~ .html~
Action custom-php /cgi-sys/php5.6

some users may need the following instead:

Action php-script /cgi-sys/php7
AddHandler php-script .php .maml .html .css .mss .pcgi .phtml .inc .phtml~ .php~ .inc~ .html~

Replace php5.6 with which ever version you want to run
You can also add other file extensions to the list in the first line.

Depending upon the server and current php verison, you can choose from among:

/cgi-sys/php8.1
/cgi-sys/php7
/cgi-sys/php7.4
/cgi-sys/php5.6

etc.

In general, many php<major-version>.<minor-version> will work. The possible versions may vary. Contact support if a version you need is missing.

Historical Notes:

The following no longer is allowed. This is kept for historical reference:

To run a part of your site as mod_php, add this line to a .htaccess in the directory you want to run as mod_php :


AddHandler application/x-httpd-php .php3 .phtml .php .php4 .php~ .php3~ .php4~ .phtml~ .inc .inc~

.htaccess versus php.ini for php options

Question:

What is the difference between php.ini and .htaccess for php options? When should I use php.ini and when should I use .htaccess?

Answer:

You should use .htaccess only when you are running php via mod_php. This is a setting in your control panel “php” section.

php options inside .htaccess files have no effect when running as a cgi.

You can change your php versions from cgi to mod_php inside your control panel in the php section.

When php is run as mod_php, php is built into the webserver and the webserver can understand the php directives inside .htaccess

When php is running as a cgi, the webserver does not understand the php directives inside a .htaccess file. Instead you must create the directy “etc” and put a php.ini file inside it. When your php parser starts it will read these the directives inside php.ini and process them.

php_include override doesn’t work

Question:

Hi,

I can not override the php include_path from my .htaccess file. Running my php script gives ‘failure opening xxx.inc’ and still lists the default include path!

I’m sure my syntax is correct – why won’t this work?

Answer:

I noticed you are using one of the cgi-based php versions. When running these you must use your own php.ini file.

.htaccess has no effect. .htaccess only works with the mod_php apache module.

To set php options using the cgi-based php versions, do the following:

1. Create the directory /home/your_username/etc/

2. Put your own custom php.ini file

This will solve the problem.

How to password protect a directory (htpasswd + htaccess)

Password protecting a directory with .htaccess and .htpasswd

There may be parts of your site that you wish to restrict or allow access by “authorized users” only. You may have a family photo album or just some private files that you only want certain people to have access to.

To add a username/password pop-up box to a specific directory, follow these steps –

1. You must have SSH access. This cannot be done via ftp. If you have not already requested SSH access, please stop and submit a request for SSH access from the helpdesk section of your control panel. You will receive a confirmation email once SSH access has been granted within 24 hours. Once SSH access has been granted, proceed to step 2.

2. Create or open the directory you wish to protect.

If the directory already exist, type cd location/of/directory/

(Example – cd www/pictures/private_pictures/)

If you need to create the directory, type mkdir location/you/wish/

(Example – mkdir -p www/pictures/private_pictures)

3. Once you are in the directory that you wish to protect, use an editor such as vi or emacs to create a file called .htaccess (lower case letters with the leading period) that looks just like this:

AuthUserFile /home/YOUR_ACCOUNT_USERNAME/.htpasswd
AuthGroupFile /dev/null
AuthName “TITLE YOU WANT TO APPEAR ON THE PASSWORD BOX”
AuthType Basic
require valid-user

4. To create the password file, issue the following command –

htpasswd -c /home/YOUR_ACCOUNT_USERNAME/.htpasswd USER_NAME

(replace USER_NAME with the username you would like visitors to enter to gain access to the protected directory)

If you later on need to update a users password, use this:

htpasswd /home/YOUR_ACCOUNT_USERNAME/.htpasswd NEW_USER_NAME

(the same command without the -c option. The -c option tells htpasswd to create a new file. If you don’t use it, it will add a new user to the file).

5. The system will ask you to enter the password for this user.

6. If you wish to add multiple users, use the same command in step 4, but without the -c

htpasswd /home/YOUR_ACCOUNT_USERNAME/.htpasswd ANOTHER_USERNAME

(The -c option in step 4 is only for the initial creation of the file)

That’s all there is to it! If you experience any unexpected problems, or you change your mind about restricting access, just issue the command ‘rm .htaccess’ to remove (or use the regular delete function in your ftp program to delete the .htaccess file).

No input file specified – php custom 404 errors

Question:

I am trying to create a custom 404 using php. However I just get the error “No input file specified”

Any ideas?

Answer:

This occurs when you are running php as a cgi and an non-existant php page is called. When php runs as a cgi the webserver never checks for valid files – it just sends the request straight to the php parser. The php parser does not return a 404, instead it errors with “No input file specified”

Add the following to your .htaccess (or create a .htaccess file if you don’t already have one) and it should fix it

RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
RewriteRule ^.+.php$ /file_that_does_not_exist

The code above will cause the server to check for valid files first and redirect to a file that does not exist and trigger the 404.

Google sitemap verification error (404 versus 200)

Question:

I have submitted my sitemap to google. During the verifiction process, google reports an error from their verification saying that the server is reporting a status 200 instead of an error 404.

Could you assist with this?

Answer:

This occurs when you are running php as a cgi and a non-existant php page is called. When php runs as a cgi the webserver never checks for valid files – it just sends it straight to the php parser. The php parse does not return a 404, instead it errors with “No input file specified”

Add the following to your .htaccess (or create a .htaccess file if you don’t already have one) and it should fix it

RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
RewriteRule ^.+.php$ /file_that_does_not_exist

The code above will cause the server to check for valid files first and redirect to a file that does not exist and trigger the 404.

session.auto_start

Question:

I am trying to use sessions in a php script. But, after reading some documentation I realized that the following line needs to be added to the php.ini file

session.auto_start = 1

Could you please add this line for the php.ini file for my account?

Answer:

You can add any php.ini command to your account by creating a .htaccess file.

I created a .htaccess file in your www dir with the command

php_value session.auto_start 1

in it. This should do what you want.