Farid Ahmadian / DevOps

htaccess and htpasswd in Apache server

Public domain


/etc/httpd/conf/httpd.conf

<Directory "/var/www/html">
.
.
AllowOverride All
.
.
</Directory>

/var/www/html/private/.htaccess

AuthUserFile /var/www/html/private/.htpasswd
AuthName "My Private DIR"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>

Add user

Use -c for fist user

# htpasswd -c /var/www/html/private/.htpasswd admin

# chmod 644 /var/www/html/private/.htaccess
# chmod 644 /var/www/html/private/.htpasswd

Force files to download

On your command line:

Install mod_headers
sudo a2enmod headers
service apache2 restart

and then in your htaccess file add following lines:

<Files *.*>
        ForceType application/octet-stream
        Header set Content-Disposition attachment
</Files>

File access restriction

<Files "TED.mp4">
Order deny,allow
Deny from all
Allow from 78.38.35.253 198.23.143.251
</Files>

htaccess Troubleshooting

First, note that restarting httpd is not necessary for .htaccess files. .htaccess files are specifically for people who don't have root - ie, don't have access to the httpd server config file, and can't restart the server. As you're able to restart the server, you don't need .htaccess files and can use the main server config directly.

Secondly, if .htaccess files are being ignored, you need to check to see that AllowOverride is set correctly. See http://httpd.apache.org/docs/2.4/mod/core.html#allowoverride for details. You need to also ensure that it is set in the correct scope - ie, in the right block in your configuration. Be sure you're NOT editing the one in the block, for example.

Third, if you want to ensure that a .htaccess file is in fact being read, put garbage in it. An invalid line, such as "INVALID LINE HERE", in your .htaccess file, will result in a 500 Server Error when you point your browser at the directory containing that file. If it doesn't, then you don't have AllowOverride configured correctly.

Configure Apache mod_rewrite

a2enmod rewrite

add the following code to /etc/apache2/sites-available/default

AllowOverride All

Restart apache

/etc/init.d/apache2 restart

BY: Pejman Moghadam, Farid Ahmadian
TAG: htaccess, htpasswd, apache
DATE: 2015-04-25 00:21:22


Farid Ahmadian / DevOps [ TXT ]

With many thanks and best wishes for dear Pejman Moghadam, someone who taught me alot in linux and life :)