What is an htaccess file?

The .htaccess file in Apache is a tool that allows configurations at the directory and subdirectory level. Using .htaccess enables you to configure website permissions without altering server configuration files.

This tutorial will show you how to set up and enable htaccess on Apache. Also, it instructs on how to restrict access to specific localizations on the server, manage IP addresses and redirect traffic.

how to enable and set up htaccess file on apache


Note: If you do not have Apache on your system, you can find a step-by-step instruction guide on installing apache.


Prerequisites

  • A working Apache web server
  • Access to a terminal window/command line
  • Access to a user account with sudo privileges
  • A text editor, such as Nano, included by default

Step 1: Enable Apache .htaccess

By default, the .htaccess file is not enabled.

1. Open the default host configuration file by entering the following:

sudo nano /etc/apache2/sites-available/default

2. Locate the section labeled <Directory /var/www>.
In that section, change the AllowOverride entry to all:

AllowOverride All

htaccess AllowOverride All command

Save the file and exit.

3. Next, restart the Apache service:

sudo systemctl apache2 restart

Step 2: Create .htaccess file

Like most Linux software packages, Apache functions on configuration files. The .htaccess file is one of these. It works by specifying a setting along with a value.

To create and open the .htaccess file for editing enter:

sudo nano /var/www/my_website.com/.htaccess

Replace my_website with the name of your actual website. If this file doesn’t exist, your text editor will create it.

Step 3: Restrict Directory Listings

There may be locations on your server that you want to restrict access to. You can do this by creating a list of usernames and passwords that are authorized to have access.

1. Start by creating a new file, .htpasswd in a different directory:

sudo nano /user/safe_location/.htpasswd

Enter a username and password for each user that you want to create. Make sure to use strong passwords, and enter only one username/password pair per line.

Save the file and exit.

2. Next edit .htaccess to enable authentication:

AuthUserFile /user/safe_location/.htpasswd

AuthGroupFile /dev/null

AuthName "Please Enter Password"

AuthType Basic

Require valid-user

restrict directory listing in apache wit htaccess

Replace /user/safe_location/htpasswd with the location of your choice. Don’t store it in the same directory as your web content, for security.

AuthUserFile – This sets the location for your .htpasswd file.

AuthGroupFile – We’re not using a group, so this is a placeholder.

AuthName – This is the prompt to the user – you may rephrase if you’d like.

AuthType – Type of authentication used – don’t change this.

Require valid-user – Allows any one of several authorized people to log on. You could change this to Require user new_user to restrict access only to someone with the username new_user.

Manage IP addresses

There are many ways you can manage IP addresses:

  1. Allow only specific ones
  2. Block specific IP addresses
  3. Block visitors by referrer

Allow IP addresses

To allow IP addresses you can switch the behavior to allow a few designated IP addresses, and block the rest.

Enter the commands:

order deny, allow 

allow from 192.168.0.54

allow from 192.168.0 

allow ip addresses example

Block IP addresses

To block IP addresses in htaccess, enter: order allow,deny

To block a single IP address, enter this code next: deny from 192.168.0.54

If you leave off the final digit, it will block all IP addresses from 0 – 255:

For Example: deny from 192.168.0

blocking all ip addresses with htaccess


Note: You can save your .htaccess file after each operation listed below. If you’re done making changes, just reload your Apache service before testing. Also, when editing the file, it’s helpful to make comments. Use the # sign to mark a line as a comment, which will let you make notes that the system won’t read as commands.


Block visitors by referrer

You may want to prevent people from being redirected from a specific site to your server. This might be helpful if you want to isolate traffic patterns. You might also use it if you were getting excess server traffic from a questionable source.

Open the .htaccess file and add the following block:

RewriteEngine on

# Options +FollowSymlinks

RewriteCond %{HTTP_REFERER} blockeddomain\.com [NC]

RewriteRule .* - [F]

The NC option tells it to ignore upper or lower case, so that the rule can’t be bypassed by entering BlockedDomain.com.

If you want to add more domains, note the following:

RewriteEngine on

# Options +FollowSymlinks

RewriteCond %{HTTP_REFERER} blockeddomain\.com [NC,OR]

RewriteCond %{HTTP_REFERER} blockeddomain2\.com

RewriteRule .* - [F]

The OR flag tells the system that you’re not done adding blocked referrers yet. Omit this option on the last entry.

Redirect traffic

The .htaccess file can be used to redirect traffic.

Open the file then enter the following:

Redirect301/Other_Website.com/index.html/My_Website.com/index.html

This takes any traffic that’s searching for Other_Website.com and redirects it to My_Website.com.

Set a 404 page

You can use the .htaccess file to point basic functions to a new location. One example is the 404 page.

1. Open the .htaccess file and enter:

ErrorDocument 404 /404.html

This tells the system to look at the website’s content directory for a /404.html file as the error page.

2. Create the 404 page:

sudo nano cd /var/www/My_Website.com/public.html/404.html

This should open the 404.html file in your text editor.

3. Next, add the following code:

<!doctype html>

<html>

 <body>

   404 Error: Page not found

 </body>

</html>

404 page not found coding setup

This page can now be customized to display any kind of error message you want. You can also customize any other error pages you’d like. Just specify the ErrorDocumen number, for example, Error 500 than point .htaccess to the new error.html file that you create.

Conclusion

Enabling .htaccess can be an incredibly valuable tool for managing your Apache web server.

This guide barely scratches the surface, with some of the most likely scenarios you might encounter.