Forcing .sh, .c, .cpp as Text Files[edit]

If you are presented with a download window when you click on a .sh or .c file, you may force the content to be a text file on apache by putting the following lines in your .htaccess file:

AddType text/plain .sh
AddType text/plain .c
AddType text/plain .cpp

Hiding Specific Files from Directory Index[edit]

To hide specific files or directories from the directory index, use the IndexIgnore directive:

IndexIgnore hidden_directory
IndexIgnore "secret stash"
IndexIgnore hidden_file.html

As you would expect, enclose directory with spaces with quotes.

Restricting Access by IP address[edit]

To allow certain IP address access:

Order deny,allow
Deny from all
Allow from 172.20.1
Allow from 172.18.1

Enabling Directory Index Header[edit]

If you want your directory index to include a header file, use the HeaderName directive:

HeaderName header.html

Enabling/Disabling Directory Index[edit]

To enable:

Options +Indexes

To disable:

Options -Indexes

If the above doesn't work, ensure that your apache configuration allows override on directories. Eg:

<Directory />
    Options FollowSymLinks
    AllowOverride All
</Directory>

Fancy Indexing[edit]

You can enable fancy indexing if it isn't already enabled with:

IndexOptions +FancyIndexing

Alternatively, you could try to use something like https://github.com/Vestride/fancy-index for an even fancier index.

Enforce HTTPS using .htaccess[edit]

To force HTTPS access to your website using .htaccess, append the following:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


Require Authentication unless on white-listed IP[edit]

If you want to protect something with a password unless access is from a set of white listed IP addresses, use the Satisfy any directive like so:

AuthType Basic
AuthName "Please Log In"
AuthUserFile /data/html/.htpasswd
Require valid-user

Order deny,allow
Deny from all
# Allow localhost, 10.1.x.x, and 136.159.16.x
Allow from 127.0.0.1 10.1 136.159.16

Satisfy any

The Allow from directive takes a list of IP addresses and matches the start of the IP address.


Redirect to HTTPS before Authentication[edit]

If you need to redirect users to use https:// rather than http:// on a website with .htaccess authentication, do something similar to:

# Force SSL by redirecting to https if not on https
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "steamr.com"
ErrorDocument 403 https://steamr.com/

# Authentication
AuthType Basic
AuthName "Protected"

# LDAP
AuthBasicProvider ldap file
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://auth.steamr.com/ou=People,dc=steamr,dc=com"

# Simple file auth
AuthUserFile /path/to/passwd
Require valid-user


Enable Dark Mode!