Sunday, October 12, 2014

Examples of .htaccess - web directory password protected



.htaccess file is used to control the directory access
in Apache web server. Comparing to httpd.conf, 
httpd.conf is global settings for apache.
.htaccess can be applied per folder, overwrite http.conf 
1) Example 1 of .htaccess, prevent directory list
Options -Indexes
You will get message:
"Forbidden
You don't have permission to access /htaccess_test/ on this server."
2) Example 2, will not display .txt file
Options +Indexes
IndexIgnore *.txt

You can not see txt in list, but you still can access, to disable access to txt
<Files "*.txt">
    Order deny,allow
    Deny from all
</Files>
3) Example 3, deny all access
<Files "*">
    Order deny,allow
    Deny from all
</Files>
You will get
"Forbidden
You don't have permission to access /htaccess_test/ on this server."
Remember, no space between deny and allow, or you will get
error message
"Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log."
4)For password protection
 Create encrypted password  for user name jiansen for
 htpasswd -c /var/www/html/htaccess_test/.htpasswd jiansen
File permission:
chmod 644 /var/www/html/htaccess_test/.htpasswd
Make sure it can be read by apache, but can not read by outside
.htaccess: 
AuthType Basic
AuthName "Restricted access"
AuthUserFile  "/var/www/html/htaccess_test/.htpasswd"
Require valid-user
<Files ~ "^\.ht">
  Order allow,deny
  Deny from all
</Files>

Video: Some examples of .htaccess

No comments:

Post a Comment