Apache Configuration

Apache web servers have two main places for configuration information:
- Config file
- Per-directory .htaccess files
University departments can only change .htaccess files on the ITS servers, not the Config.
.htaccess files are reread upon every hit within that directory

What can departments do with .htaccess?

The dot in .htaccess makes it a 'hidden' Unix file. It is not listed in a normal directory listing.
Plain text file
Comments are marked with a hash (#) at the start of the line.
# this is a commented-out line
It needs to be readable by the server ('world' readable), which can be a security problem.

There is a Monash Default 404 error page.
Departments can create their own, such as Psychology's
Usage:
ErrorDocument 404 errors/404.html
You can also have error documents created by CGI:
ErrorDocument 404 /psych/cgi-bin/error/error?404
An example of the power of customized error documents is for telling people why their authentication failed

Server-side includes are macros within HTML expanded on the fly
- Dynamically
- Conditionally
Usage:
AddType text/html .shtml AddHandler server-parsed .shtml
See Apache's Handler Use and mod_include documentation for more information.
ITS has documentation on Server Side Includes at Monash

Environment variables contain information used by server-side includes and CGI.
- For instance, an SSI statement: <--#echo SITE_WEBMASTER -->
Setting, unsetting:
SetEnv SITE_WEBMASTER "Aaron Wigley" SetEnv SITE_WEBMASTER_URI mailto:Aaron.Wigley@sci.monash.edu.au UnSetEnv REMOTE_ADDR

The type of file depends on the filename extension.
- Unrecognized file extensions are treated as text data, and corrupted on download.
Examples:
AddType application/x-endnote-connection enz AddType application/x-endnote-filter enf AddType application/x-spss-savefile sav

.htaccess files provide a number of different ways to restrict documents:
- by accessor host address
- by browser type
- by accessor HTTP Basic credentials
- by phase of moon...
Monash-only access:
order deny,allow deny from all allow from 130.194 monash.edu.au

Monash Authcate credentials:
order deny,allow deny from all AuthType Basic AuthName "Monash Directory Service" AuthLDAP on AuthLDAPServer ldap://directory.monash.edu.au/ AuthLDAPBase "o=Monash University, c=au" require valid-user
It is possible to restrict who can access it even further
- Staff only
- Students only
- By Subject enrolment
- Specific individuals
See the ITS documentation on MDS HTTP Authentication
For restricting access so that non-Monash people can access it, consider AuthUserFile.

Normally .htaccess applies to the entire directory
With the <Files> directive you can restrict it to specific files:
<Files quiz.html> order deny,allow deny from all AuthType Basic AuthName "Monash Student Authcate" AuthLDAP on AuthLDAPServer ldap://directory.monash.edu.au/ AuthLDAPBase "ou=Student, o=Monash University, c=au" require valid-user satisfy any </Files>
Another example - protecting the .htaccess file itself:
<Files .htaccess> order deny,allow deny from all </Files>
<FilesMatch> does the same except using a regular expression wildcard.

The server can be instructed to send a redirection back to the client whenever a particular URL is requested
Several different types of redirection:
- permanent - the resource has moved permanently
- temp - it has temporarily moved elsewhere
- seeother - the resource has been replaced
- gone - it has been permanently removed
Usage:
Redirect permanent /psych/subject/timetable http://www.sci.monash.edu.au/psych/subject/ttable Redirect gone /psych/subject/1998 Redirect seeother /psych/subject/1999/ /psych/subject/2000/
The redirection applies to all documents under that URI path (eg., /psych/subject/1999/psy1011/books.html will be redirected to /psych/subject/2000/psy1011/books.html).
See the Apache documentation on the Redirect statement for detailed information.

Unlike Redirect, the client is unaware of any server-side rewriting of the URL.
Rewrite rules are applied repeatedly to the URL to change it into another URL.
Example:
RewriteEngine on RewriteBase /psych RewriteRule test/printenv(.*) cgi-bin/printenv$1
The bracket-dot-star-bracket has special meaning: it is a regular expression

Patterns ("wildcards") are matched against a string
Normal alphanumeric characters are treated as normal
Special characters:
- . (full stop) - match any character
- * (asterix) - match zero or more of the previous symbol
- + (plus) - match one or more of the previous symbol
- ? (question) - match zero or one of the previous symbol
- \? (backslash-something) - match special characters
- ^ (caret) - match the start of a string
- $ (dollar) - match the end of a string
- [set] - match any one of the symbols inside the square braces.
- (pattern) - grouping, remember what the pattern matched as a special variable
Examples:
- a+ matches "a", "aaaa", "aaaaaaaaaaaa", but not "bbb"
- [ab]+ matches, "a", "b", or any length combination of the two
- \.s?html? matches ".htm", ".shtm", ".html" or ".shtml"
- (.+)/1999/(.+) matches "subject/1999/psy1011/", and also stores "subject" in $1 and "psy1011/" in $2.
Regular expressions are very extensive.
- Documentation on silas: man regex
- Friedl (1997). Mastering Regular Expressions. O'Reilly.

Rewrites can be conditional, for example, rewrite only if the file could not be found:
RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.+)errata\.html?$ cgi-bin/errata/errata-html/$1 RewriteCond %{REQUEST_FILENAME} !-f RewriteRule images/barcode/(.*).gif cgi-bin/barcode/mkgif?$1
RewriteCond is very powerful. You can test on environment variable values:
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.* RewriteRule ^/$ /homepage.max.html [L] RewriteCond %{HTTP_USER_AGENT} ^Lynx.* RewriteRule ^/$ /homepage.min.html [L] RewriteRule ^/$ /homepage.std.html [L]
Full information on RewriteCond can be found within the Apache documentation on mod_rewrite
The Apache URL Rewriting Guide is strongly recommended. Typical problems are presented along with their solution.