Forcing .sh, .c, .cpp as Text Files[edit | edit source]

If you are presented with a download window when you click on a .sh or .c file, you may force the content to be a text file on apache by putting the following lines in your .htaccess file:

AddType text/plain .sh
AddType text/plain .c
AddType text/plain .cpp

Hiding Specific Files from Directory Index[edit | edit source]

To hide specific files or directories from the directory index, use the IndexIgnore directive:

IndexIgnore hidden_directory
IndexIgnore "secret stash"
IndexIgnore hidden_file.html

As you would expect, enclose directory with spaces with quotes.

Restricting Access by IP address[edit | edit source]

To allow certain IP address access:

Order deny,allow
Deny from all
Allow from 172.20.1
Allow from 172.18.1

Enabling Directory Index Header[edit | edit source]

If you want your directory index to include a header file, use the HeaderName directive:

HeaderName header.html

Enabling/Disabling Directory Index[edit | edit source]

To enable:

Options +Indexes

To disable:

Options -Indexes

If the above doesn't work, ensure that your apache configuration allows override on directories. Eg:

<Directory />
    Options FollowSymLinks
    AllowOverride All

Fancy Indexing[edit | edit source]

You can enable fancy indexing if it isn't already enabled with:

IndexOptions +FancyIndexing

Alternatively, you could try to use something like for an even fancier index.

Enforce HTTPS using .htaccess[edit | edit source]

To force HTTPS access to your website using .htaccess, append the following:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Require Authentication unless on white-listed IP[edit | edit source]

If you want to protect something with a password unless access is from a set of white listed IP addresses, use the Satisfy any directive like so:

AuthType Basic
AuthName "Please Log In"
AuthUserFile /data/html/.htpasswd
Require valid-user

Order deny,allow
Deny from all
# Allow localhost, 10.1.x.x, and 136.159.16.x
Allow from 10.1 136.159.16

Satisfy any

The Allow from directive takes a list of IP addresses and matches the start of the IP address.

Redirect to HTTPS before Authentication[edit | edit source]

If you need to redirect users to use https:// rather than http:// on a website with .htaccess authentication, do something similar to:

# Force SSL by redirecting to https if not on https
SSLOptions +StrictRequire
SSLRequire %{HTTP_HOST} eq ""
ErrorDocument 403

# Authentication
AuthType Basic
AuthName "Protected"

AuthBasicProvider ldap file
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://,dc=steamr,dc=com"

# Simple file auth
AuthUserFile /path/to/passwd
Require valid-user

Rewrite to index.php[edit | edit source]

To rewrite all non file or directory requests to a specific file (such as index.php), useful for MediaWiki or WordPress for instance, use:

RewriteEngine On
RewriteRule ^(.*)$ index.php [L]