Skip to content | Change text size
 

Directory-Level Apache Configuration Files

Introduction

This document describes the format of dynamic configuration files, files which you place in your document directories to give the server configuration information for your area. For the current server we run, Apache , the file is called .htaccess

What can I use directory-level configuration for?

Web server content is seldom entirely managed by one person. Many times, different parts of a web server are written by different people. For instance, each employee may maintain their own home page.

With this feature, you can control more about your home pages in your public information directories. You can apply access control or customize error messages without having to use CGI or parsed HTML.

What can I put in my .htaccess file?

The file may contain blank lines, and lines which begin with a hash sign (#) will be treated as comments and ignored. Valid directives are explained below.

How do I add support for a new MIME type?

AddType mime-type extension extension...

AddType specifies a new MIME type, and the extensions of files that are of that type. For instance, if you have some files with the extension " vrml " that you want to have the MIME type model/vrml , you could add a line saying :

AddType model/vrml vrml

How do I customize the error page?

ErrorDocument error-code document

For the given error code, display the given error document instead of the default one. You can refer to a local or remote URL or CGI script to handle the error. Errors you might want to handle are :

  • 401 - Unauthorized access
  • 403 - Access to this page is forbidden
  • 404 - Page not found
  • 500 - Server error

For instance, if you want to have your own error page for "page not found" errors (maybe you're still finishing off your web pages), you could do this :

ErrorDocument 404 /local/URL/path/under_construction.html

(where /local/URL/path/under_construction.html could be any URL that points to your page explaining that "things aren't finished yet..."

Note : if you're restricting access to your pages (eg. making them "monash only", as mentioned below), you'll need to keep your error document outside the restricted area, otherwise users won't be able to see your error page !

How do I restrict my pages so only Monash hosts can access them? 


# Restrict access to the Monash network, in accordance with 
# the redistribution terms in our license.
order deny,allow
deny from all
allow from 130.194 monash.edu.au

It's a really good idea to put a comment in explaining the purpose of the restriction: maintainers change eventually, but documents can be forever. It's also an excellent idea to put in a custom error document (see above) explaining why the pages are restricted.

A second example: you want to restrict access only to hosts in the sci.monash.edu.au domain. You'd use the following : 

order deny,allow
deny from all
allow from sci.monash.edu.au

How do I put username/password restrictions on my pages?

.htaccess 

AuthName "Enter Something Here"
AuthType basic

AuthUserFile /net/www/path/to/my/web/tree/.htpasswd
require valid-user

The AuthName line specifes some text to be displayed to the user when they are asked for their username and password - eg. with Netscape Navigator, a dialog box appears saying "Enter username for Enter Something Here at www.monash.edu.au:"

The password file

To create the .htpasswd file, telnet to silas and use the htpasswd program:

htpasswd -c htpasswordfile first_username

To add users to a password file:

htpasswd htpasswordfile new_username

Note! - the first time you run htpasswd , you must use the -c flag to tell it to create a new file. Subsequent runs of htpasswd should not use the -c flag, or you'll lose any users you'd put in previously.

Note that users with silas accounts can view your password-protected data (but not the passwords). If this is a problem, contact the ITS Web Team .

More information on .htaccess files

The Apache User's Guide
The Guide contains a complete list of Apache configuration directives, including the .htaccess ones.
Apache Week Features
Apache Week has featured in-depth articles on basic user authentication for regular use and DBM authentication for heavy usage situations.