What is an htaccess File?
The .htaccess file in Apache is a tool that allows configurations at the directory and subdirectory level. Using .htaccess enables you to configure website permissions without altering server configuration files.
This tutorial will show you how to set up and enable htaccess on Apache. Also, it instructs on how to restrict access to specific localizations on the server, manage IP addresses, and redirect traffic.
Note: If you do not have Apache on your system, you can find a step-by-step instruction guide on installing Apache on Ubuntu.
Prerequisites
- A working Apache web server
- Access to a terminal window/command line
- Access to a user account with sudo privileges
- A text editor, such as Nano, included by default
Step 1: Enable Apache .htaccess
By default, the .htaccess file is not enabled.
1. Open the default host configuration file by entering the following command in the terminal:
sudo nano /etc/apache2/sites-available/default
2. Locate the section labeled <Directory /var/www>.
In that section, change the AllowOverride None
entry to all:
AllowOverride All
Save the file and exit.
3. Next, restart the Apache service:
sudo systemctl apache2 restart
Step 2: Create .htaccess File
Like most Linux software packages, Apache functions on configuration files. The .htaccess file is one of these. It works by specifying a setting along with a value.
To create and open the .htaccess file for editing, enter:
sudo nano /var/www/my_website.com/.htaccess
Replace my_website with the name of your actual website. If this file doesn’t exist, your text editor will create it.
Step 3: Restrict Directory Listings
There may be locations on your server that you want to restrict access to. You can do this by creating a list of usernames and passwords that are authorized to have access.
1. Start by creating a new file, .htpasswd in a different directory:
sudo nano /user/safe_location/.htpasswd
Enter a username and password for each user that you want to create. Make sure to use strong passwords, and enter only one username/password pair per line.
Save the file and exit.
2. Next edit .htaccess to enable authentication:
AuthUserFile /user/safe_location/.htpasswd
AuthGroupFile /dev/null
AuthName "Please Enter Password"
AuthType Basic
Require valid-user
Replace /user/safe_location/htpasswd with the location of your choice. Don't store it in the same directory as your web content, for security reasons.
AuthUserFile
- This sets the location for your .htpasswd file.
AuthGroupFile
- We're not using a group, so this is a placeholder.
AuthName
- This is the prompt to the user – you may rephrase if you'd like.
AuthType
- Type of authentication used – don't change this.
Require valid-user
– Allows any one of several authorized people to log on. You could change this to Require user new_user to restrict access only to someone with the username new_user.
Manage IP Addresses
There are many ways you can manage IP addresses:
- Allow only specific IPs.
- Block specific IP addresses.
- Block visitors by the referrer.
Allow IP Addresses
To allow IP addresses, you can switch the behavior to allow a few designated IP addresses, and block the rest.
Enter the commands:
order deny, allow
allow from 192.168.0.54
allow from 192.168.0
Block IP Addresses
To block IP addresses in htaccess, enter: order allow, deny
To block a single IP address, enter this code next: deny from 192.168.0.54
If you leave off the final digit, it will block all IP addresses in the 0 - 255 range:
For Example: deny from 192.168.0
Note: You can save your .htaccess file after each operation listed below. If you’re done making changes, just reload your Apache service before testing. Also, when editing the file, it's helpful to make comments. Use the # sign to mark a line as a comment, which will let you make notes that the system won’t read as commands.
Block Visitors by Referrer
You may want to prevent people from being redirected from a specific site to your server. This might be helpful if you want to isolate traffic patterns. You might also use it if you were getting excess server traffic from a questionable source.
Open the .htaccess file and add the following block:
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} blockeddomain\.com [NC]
RewriteRule .* - [F]
The NC
option instructs to ignore the upper or lower case so that the rule can't be bypassed by entering BlockedDomain.com.
If you want to add more domains, note the following:
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} blockeddomain\.com [NC,OR]
RewriteCond %{HTTP_REFERER} blockeddomain2\.com
RewriteRule .* - [F]
The OR
flag tells the system that you’re not done adding blocked referrers yet. Omit this option on the last entry.
Redirect Traffic
You can use the .htaccess file to redirect traffic.
Open the file and enter the following:
Redirect301/Other_Website.com/index.html/My_Website.com/index.html
This command takes any traffic that’s searching for Other_Website.com and redirects it to My_Website.com.
Set a 404 Page
You can use the .htaccess file to point basic functions to a new location. One example is the 404 page.
1. Open the .htaccess file and enter:
ErrorDocument 404 /404.html
This line tells the system to look at the website’s content directory for a /404.html file as the error page.
2. Create the 404 page using this command:
sudo nano cd /var/www/My_Website.com/public.html/404.html
This should open the 404.html file in your text editor.
3. Next, add the following code:
<!doctype html>
<html>
<body>
404 Error: Page not found
</body>
</html>
This page can now be customized to display any kind of error message you want. You can also customize any other error pages you’d like. Just specify the ErrorDocument number, for example, Error 500 than point .htaccess to the new error.html file that you create.
Conclusion
Enabling .htaccess can be an incredibly valuable tool for managing your Apache web server.
This guide provides basic commands and settings, with some of the most likely scenarios you might encounter.