Include another htaccess file from .htaccess

Asked 30/11, 2012 at 7:4 Answered 21/3 at 15:8

Is it possible to do include rules from another htaccess file in .htaccess ?

.htaccess

RewriteEngine On
RewriteCond ...
RewriteRule ...

Include .htaccess1
.
.
Include .htaccess2

Doing this gives a 500. Include not allowed here Is there a way to do this ? Because I need this pretty badly.

Fugazy answered 30/11, 2012 at 7:4 Comment(3)

There will be only 1 .htacess for a folder location – Geesey 30/11, 2012 at 7:7

Yes, I understand that. But can we include externally like the way its done in apache2.conf ? .htaccess say Include htaccessfiles/ – Fugazy 30/11, 2012 at 7:13

IP BAN list in txt file - #13008742 – Deploy 22/2, 2021 at 17:24

You can't include rules, statements, definitions, or directives from other files from an htaccess file. The Include directive can't be used inside an htaccess file. Part of the point of an htaccess file is to act similarly to a <Directory> block but be self contained and unable to access things outside of the directory itself (subdirectories are ok) but more specifically nothing outside of the document root. This way, someone doing malicious things won't be able to point requests or include files/content from other directories by hacking the htaccess file.

In the scope of mod_rewrite specifically, there are options for the RewriteOptions that allow inheriting rewrite rules from the htaccess file from a parent directory, but nothing to arbitrarily include rules from anywhere.

Expulsion answered 30/11, 2012 at 7:32 Comment(0)

I know this may be a little late, but instead if you are attempting to implement an IP ban, or similar type of dynamic rule content, use the very last rule in your .htaccess file to point the request at a single .php or similar languaged script that performs this function (your single script can load the dynamic rules in your own format and make that same decision as Apache would have depending on what your actually trying to accomplish) then passes the request on to the actual page being requested. It adds a layer to the whole request processing, but gives the same dynamic function to all pages without the need to generate direct rules for the server and attempting to have Apache make the decisions for you.

Just thought I would add this thought for anyone else who may stumble across this post looking for something similar.

Burgage answered 25/5, 2014 at 12:48 Comment(5)

I would like to see an example of how to do this, if anyone can provide. – Billman 7/1, 2015 at 0:6

@Jonathan I feel like you've brought me so close to the solution I seek but I'm still in the dark. My goal is to import a list of banned IPs and then load Wordpress' index.php – Euplastic 13/4, 2017 at 17:5

@Euplastic just look up htaccess ban ips if you're using a htaccess file with apache. If you're using nginx, you can also do it there. If you want to do it programmatically, well, that's your own question for stack overflow – Luckily 13/4, 2017 at 17:8

Yeah I've already got IPs being banned in htaccess but updating them for 50+ sites is a pain. I need a @import: site.com/banlist.txt basically. – Euplastic 13/4, 2017 at 17:12

I implemented this using a couple of apache RewriteCond's, a RewriteRule with the END tag, and a PHP script using curl, and while it DID work, it was VERY slow. – Photogram 28/12, 2022 at 18:26

It is possible - in 2-3 steps...

Create your file of IPs to Deny. It could be a .php file, .txt file, even .csv file.
Create a .php (or language of your choice) script, which purpose is to output a file named ".htaccess".
Every time you update your file of IPs to Deny, run the said 2) .php script, and output a new .htaccess, to each of your Domains.

If you have statements in addition to IPs to Deny, hard code them in your .php script to output first. See https://www.askapache.com/htaccess/

The .php script could generically look like:

$output = "statement1".PHP_EOL;
$output .= "statement2".PHP_EOL;
$output .= "statement3".PHP_EOL;
...

Then, when you're ready for the DENY portion:

$denyList = file_get_contents("the/list/of/IPs.txt"); // or .php etc.
$ArrayDenyList = explode(PHP_EOL,$denyList); // or your line ending character, if necessary
foreach($ArrayDenyList as $key =>$value) {
$output .= 'Deny from '.$value.PHP_EOL;
  }

Then write the file: (you probably have a standard way):

$handle = fopen(.htaccess,"w"); //complete path if in another domain
fwrite($handle,$output);
fclose($handle);
echo "Success - <p>";

If you have more than one Domain, then have an Array of those Domain name's path, and foreach that Array, and fwrite to each path.

If some Domains already have .htaccess requirements, put that in a readable .txt file... do a file_get_contents(on that), "output =" that, add the "Deny's, then "output .= ..." each in a "foreach()" loop.

Anyway... you've done all these things before... just apply each technique to this scenario.

An .htaccess file can't "include()" other files, but a .php script can, and .php scripts can output files named ".htaccess", that can be built by script.

The above method works, and I started doing it when I needed to create rows of "RewriteRule" for each of my catalog of products! Every time I add a new product, I run my script that outputs a fresh .htaccess file... built from my SQL table of products. Similar to my .php script that "fwrite"s my sitemap.xml.

(I hope no .php punctuation or "$"s got lost in this typing.)

Diggins answered 26/11, 2017 at 23:44 Comment(1)

e.g. I want to use htaccess file in www.domain2.com from www.domain2.com. Please write the code for this clearly. And which file contains those code? And Where I put this file. please help. – Artful 30/6, 2018 at 12:32

I used this small PHP script before switching to fail2ban. Here is the code in case someone needs it.

Basically it appends an automatically generated block of deny rules to .htaccess files, similar to cPanel, and overwrites only that block over and over.

<?php
$subdomains_path_to_check = "/home/xxxx/application/domains/*";
$subdomains               = glob($subdomains_path_to_check);

// I have a CSV file with these IPS populated from multiples sources
// IP, date, reason
$file = fopen('banned_ips.csv', 'r');

// Create deny block
$block_start_text = '# php_auto_generated|banned_ips_start|do_not_edit';
$block_end_text   = '# php_auto_generated|banned_ips_end|do_not_edit';

// Deny block starts with this
$deny_block = [$block_start_text];
// Create deny rules  
while (($line = fgetcsv($file)) !== FALSE) {
    $deny_block[] = "Deny from {$line[0]} # Date: {$line[1]} | Reason: {$line[2]} \n";
}
fclose($file);
// Deny block ends with this
$deny_block[] = $block_end_text;

// Create deny block from all components above
$deny_block_txt = join('\n', $deny_block);

// Clean and overwrite htaccess files
foreach ($subdomains as $path_to_subdomain) {
    $htacces_path = $path_to_subdomain . '/.htaccess';
    if (file_exists($htacces_path)) {
        $htaccess_content = file_get_contents($htacces_path);
        // matches anything that starts with $block_start_text and ends with $block_end_text
        $regex_rule_to_clean_it = '/' . preg_quote($block_start_text) . '.*' . preg_quote($block_end_text) . '/gs';

        // Clean previous rules
        $htaccess_content = preg_replace($regex_rule_to_clean_it, '', $htaccess_content);

        // Append new rules
        $htaccess_content .= '\n\n' . $deny_block_txt;
        file_put_contents($htacces_path, $htaccess_content);
    }
}
?>

Katlin answered 21/3 at 15:8 Comment(0)

-7

You can create server side script like PHP ".htaccess.php" and inside put your includes. Of course, you must configure apache: AccessFileName .htaccess.php

Booboo answered 31/10, 2015 at 12:36 Comment(2)

not sure why all the downvotes, this is an interesting approach – Luigiluigino 9/2 at 17:7

The question is about .htaccess, not about altering the main Apache config which this answer involves. – Ides 12/3 at 8:25

Recommended topics

Hot tags