Anand's Space :: My Studio of Thoughts!

Enabling `.htaccess` on your preferred location in Apache Server

05 May 2016

Thanks to my friend, Thilak, for helping me with this content.

Important Notes

  • .htaccess is short for Hypertext Access, and is a configuration file used by Apache-based web servers

  • The .htaccess file is a configuration file that resides in a directory and indicates which users or groups of users can be allowed access to the files contained in that directory.

  • Used for configuration of site-access issues, such as URL redirection, URL shortening, Access-security control (for different webpages and files), and more.

  • .htaccess : It is an hidden file. Using .htaccess files lets you control the behavior of your site or a specific directory on your site.

  • .htaccess files (or “distributed configuration files”) provide a way to make configuration changes on a per-directory basis.

Using an .htaccess file, you can:

  • Customize the Error pages for your site.
  • Protect your site with a password.
  • Enable server-side includes.
  • Deny access to your site based on IP.
  • Change your default directory page (index.html).
  • Redirect visitors to another page.
  • Prevent directory listing.
  • Add MIME types.

Advantages

Immediate changes :

Because .htaccess files are read on every request, changes made in these files take immediate effect as opposed to the main configuration file which requires the server to be restarted for the new settings to take effect.

Non-privileged users :

The use of .htaccess files allows such individualization, and by unprivileged users – because the main server configuration files do not need to be changed.

Disadvantages:

Performance loss :

For each HTTP request, there are additional file-system accesses for parent directories when using .htaccess, to check for possibly existing .htaccess files in those parent directories which are allowed to hold .htaccess files. It is possible to programatically migrate directives from .htaccess to httpd.conf if this performance loss is a concern.[11]

Security :

Allowing individual users to modify the configuration of a server can cause security concerns if not set up properly.

htaccess Configuration:

  1. Create a file called .htaccess in the directory you want to password-protect with the follwing content: 
    AuthUserFile /your/path/.htpasswd
AuthName "Authorization Required"
AuthType Basic
Require valid-user
  2. Then create the file /your/path/.htpasswd which contains the users that are allowed to login and their passwords. We do that with the htpasswd command:
htpasswd -c /path/to/your/.htpasswd user1

Eg : sudo htpasswd -c /var/www/web/.htpasswd username

  1. You can see your crypted password in 
    sudo more  /your/path/.htpasswd
  2. Add these entries in sudo nano /etc/apache2/sites-available/<site-default-conf-file>
<Directory path-to-directory-which-needs-to-have-htaccess>
AllowOverride All
</Directory>
  1. Restart the apache service sudo service apache2 restart

Related Posts