htaccess

From Leo's Notes
Last edited on 14 June 2020, at 23:22.


Forcing .sh, .c, .cpp as Text Files

If you are presented with a download window when you click on a .sh or .c file, you may force the content to be a text file on apache by putting the following lines in your .htaccess file: 

AddType text/plain .sh
AddType text/plain .c
AddType text/plain .cpp

Hiding Specific Files from Directory Index

To hide specific files or directories from the directory index, use the IndexIgnore directive: 

IndexIgnore hidden_directory
IndexIgnore "secret stash"
IndexIgnore hidden_file.html

As you would expect, enclose directory with spaces with quotes.

Restricting Access by IP address

To allow certain IP address access: 

Order deny,allow
Deny from all
Allow from 172.20.1
Allow from 172.18.1

Enabling Directory Index Header

If you want your directory index to include a header file, use the HeaderName directive: 

HeaderName header.html

Enabling/Disabling Directory Index

To enable: 

Options +Indexes

To disable: 

Options -Indexes

If the above doesn't work, ensure that your apache configuration allows override on directories. Eg: 

<Directory />
    Options FollowSymLinks
    AllowOverride All
</Directory>

Fancy Indexing

You can enable fancy indexing if it isn't already enabled with: 

IndexOptions +FancyIndexing

Alternatively, you could try to use something like https://github.com/Vestride/fancy-index for an even fancier index.

Enforce HTTPS using .htaccess

To force HTTPS access to your website using .htaccess, append the following: 

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


Require Authentication unless on white-listed IP

If you want to protect something with a password unless access is from a set of white listed IP addresses, use the Satisfy any directive like so: 

AuthType Basic
AuthName "Please Log In"
AuthUserFile /data/html/.htpasswd
Require valid-user

Order deny,allow
Deny from all
# Allow localhost, 10.1.x.x, and 136.159.16.x
Allow from 127.0.0.1 10.1 136.159.16

Satisfy any

The Allow from directive takes a list of IP addresses and matches the start of the IP address.


Redirect to HTTPS before Authentication

If you need to redirect users to use https:// rather than http:// on a website with .htaccess authentication, do something similar to: 

# Force SSL by redirecting to https if not on https
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "steamr.com"
ErrorDocument 403 https://steamr.com/

# Authentication
AuthType Basic
AuthName "Protected"

# LDAP
AuthBasicProvider ldap file
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://auth.steamr.com/ou=People,dc=steamr,dc=com"

# Simple file auth
AuthUserFile /path/to/passwd
Require valid-user

Rewrite to index.php

To rewrite all non file or directory requests to a specific file (such as index.php), useful for MediaWiki or WordPress for instance, use: 

RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
RewriteRule ^(.*)$ index.php [L]
Various Linux Notes
Linux Tools and Utilites
Package Management
Linux Distributions
Networking
Containers