Apache

 
 
Apache is a powerful and flexible HTTP/1.1 compliant web server. Originally designed as a replacement for the NCSA HTTP Server, it has grown to be the most popular web server on the Internet. As a project of the Apache Software Foundation, the developers aim to collaboratively develop and maintain a robust, commercial-grade, standards-based server with freely available source code.

The Apache HTTP Server is distributed at no charge for commercial or non-commercial use. For more information read the LICENSE.txt file.

Apache can be used with Microsoft Windows. The Apache HTTP Server Version 2.0 runs under Windows NT, Windows 2000 and Windows XP. You should download the version of Apache for Windows with the .msi extension. This is a single Microsoft Installer file containing Apache, ready to install and run.

The latest Apache HTTP Server version can be downloaded from: http://httpd.apache.org/
The latest Apache 1.3 documentation can be found at: http://httpd.apache.org/docs/1.3/
The latest Apache 2.0 documentation can be found at: http://httpd.apache.org/docs/2.0/
The latest Apache 2.2 documentation can be found at: http://httpd.apache.org/docs/2.2/

rss feed






Using Apache .htaccess file.



Information
The .htaccess files (you must put a period in front of the filename) can be placed in the various directories of your docroot and overrides the options set in the httpd config file. An .htaccess file only applies for that directory where the file is set and its subdirectories.

Place commands on each line (do not wrap) in the .htaccess and comments are marked with a hash (#) at the start of the line. Use the ASCII mode when you upload the files.

Usually an .htaccess file is used when you do not have access to the httpd.conf file.
If possible avoid using .htaccess files, the reasons are:
  • Web server performance is reduced.
  • An .htaccess file modifies the server configuration. If you are the server administrator this results in changes over which you have no control over.
With .htaccess files you can do the following: More information can be found at: http://httpd.apache.org/docs/2.0/howto/htaccess.html

Operating system used
Windows XP Home Edition Version 5.1 SP 2

Software prerequisites
Apache 2.0.49


Procedure
  1. Open the C:\Tools\Apache Group\Apache2\conf\httpd.conf file and enable the use of .htaccess files by setting the following:

    AccessFileName .htaccess

    <Directory />
        AllowOverride All
        #AllowOverride None
    </Directory>


    Note 1:
    The AllowOverride is valid only in <Directory> sections.

    Note 2:
    If AllowOverride is set to None, then the .htaccess files are completely ignored.

    Note 3:
    In the AllowOverride you can also specify which directive are allowed to be overridden by the .htaccess file. For example:

    AllowOverride ErrorDocument DirectoryIndex

    In this example you can ONLY override the ErrorDocument and DirectoryIndex directives.

    Note 4:
    If you are using the VirtualHost directive, an example is given below where to set the AllowOverride directive:

    AccessFileName .htaccess

    Listen 80

    ServerAdmin [email protected]

    ServerName www.mobilefish.com:80

    DirectoryIndex index.html index.html.var index.shtm index.htm

    NameVirtualHost 192.168.1.100

    <VirtualHost 192.168.1.100:80>
       ServerAdmin [email protected]
       DocumentRoot c:/mobilefish_web
       ServerName www.mobilefish.com
       ErrorLog logs/www.mobilefish.com-error_log
       #TransferLog logs/www.mobilefish.com-access_log
       CustomLog "|c:/weblogs/rotatelogs.exe
          c:/weblogs/www.mobilefish.com-access_%y%m%d.log 86400" combined
       <Directory "c:/mobilefish_web">
           Options +Includes
           AddType text/html shtm
           AddOutputFilter Includes shtm
           AllowOverride All
       </Directory>
    </VirtualHost>

    View the updated httpd.conf file .

  2. Restart Apache.

  3. Here below are a few examples what you can do with the .htaccess file:

    Turning directory listings on/off.

    Step 1.
    Put the following lines in an .htaccess file:

    Options +Indexes
    Options -Indexes

    Note:
    Turning directory listings on: Options +Indexes
    Turning directory listings off: Options -Indexes

    Specify custom error documents.

    Step 1.
    Put the following lines in an .htaccess file:

    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html


    Note:
    More information see quick guide: Create custom error pages.


    Enabling server-side includes.

    Step 1.
    Put the following lines in an .htaccess file:

    Options +Includes
    AddType text/html shtm
    AddOutputFilter Includes shtm


    Note 1:
    Enable the mod_include module by uncommenting line:
    LoadModule include_module modules/mod_include.so

    Note 2:
    The Options directive permit files to be parsed for SSI directives.

    Note 3:
    The AddType directive defines .shtm files as text/html mime types and indicates that the resulting content is marked as HTML so that the browser displays it properly.

    Note 4:
    The AddOutputFilter tells Apache to treat every shtm file as one that can include SSI commands and filters any output through mod_include.


    Modifying the environment variables.

    Step 1.
    Put the following lines in an .htaccess file:

    SetEnv WEBSITE_NAME "Mobilefish.com"
    UnSetEnv REMOTE_ADDR


    Step 2.
    Create an html file containing the following lines:

    <html>
    <head>
    <title>Demo</title>
    </head>
    <body>
        <!--#echo var="WEBSITE_NAME" -->
    </body>
    </html>

    Step 3.
    Open a browser and access the html page. You will see the text "Mobilefish.com" in your browser.

    Note 1:
    With SetEnv you can explicitly set an environment variable.
    UnSetEnv excludes variables from being set or passed.

    Note 2:
    If PassEnv and SetEnv are set for a directory but a subdirectory cannot use the given variables, you can use UnSetEnv to exempt the subdirectory from those variable settings.

    Note 3:
    An overview of Apache environment variables can be found in quick guide "Environment variables".


    Adding new MIME types.

    Step 1.
    Put the following lines in an .htaccess file:

    AddType text/vnd.sun.j2me.app-descriptor .jad
    AddType application/java-archive .jar
    AddType application/octet-stream .bin


    Note 1:
    More information about MIME types can be found in the quick guide: "MIME types".

    Note 2:
    To force a file to be downloaded, via the "Save As browser" feature, you can simply set a MIME type to "application/octet-stream" and that immediately prompts you for the download.


    Blocking users by ip addresses or domain names.

    Step 1.
    Put the following lines in an .htaccess file:

    # Option 1:
    order allow,deny
    deny from 10.0.0.5
    deny from 192.168.1.
    deny from .xyzfoe.com
    allow from all
    #
    # Option 2:
    order deny,allow
    deny from all
    allow from 10.0.0.5
    allow from 192.168.1.
    allow from .xyzfoe.com


    Step 2a. (Option 1 selected)
    If you put the .htaccess file in the docroot then all users with ip address 10.0.0.5, 192.168.1.1, 192.168.1.2, etc. and domain name www.xyzfoe.com, test.xyzfoe.com, etc. will be blocked. Everyone else can access to your site.

    Watch out for the order sequence! First allow statements are executed then deny.



    Step 2b. (Option 2 selected)
    If you put the .htaccess file in the docroot then only users with ip address 10.0.0.5, 192.168.1.1, 192.168.1.2, etc. and domain name www.xyzfoe.com, test.xyzfoe.com, etc. have access to your site. Everyone else will be blocked.

    Watch out for the order sequence! First deny statements are executed then allow.

    Prevent viewing of .htaccess file.

    <Files .htaccess>
    order deny,allow
    deny from all
    </Files>



    Redirecting the client.

    There are different types of redirections:

    • permanent - the resource has moved permanently (status code: 301)
    • temp - it has temporarily moved elsewhere (status code: 302)
    • seeother - the resource has been replaced (status code: 303)
    • gone - it has been permanently removed (status code: 410)

    Using redirection types:

    Redirect permanent /index.html http://www.mobilefish.com/home/welcome/welcome.html
    Redirect temp /index.html http://www.mobilefish.com/home/welcome/welcome.html
    Redirect seeother /index.html http://www.mobilefish.com/home/welcome/welcome.html
    Redirect gone /home/welcome


    Using status codes:

    Redirect 301 /index.html http://www.mobilefish.com/home/welcome/welcome.html
    Redirect 302 /index.html http://www.mobilefish.com/home/welcome/welcome.html
    Redirect 303 /index.html http://www.mobilefish.com/home/welcome/welcome.html
    Redirect 410 /home/welcome


    It is recommended to use 301 instead of 302 especially if it concerns your site main page. It seems that search engines like Google does not like 302!

    No type specified, default 302 is used:

    Redirect /index.html http://www.mobilefish.com/home/welcome/welcome.html

    Redirecting a page:

    Redirect 301 /index.html http://www.mobilefish.com/home/welcome/welcome.html

    Redirecting a directory:

    Redirect 301 /home/welcome http://www.mobilefish.com/developer

    Redirecting an entire site:

    Redirect / http://newsite.mobilefish.com/

    If you enter:

    http://www.mobilefish.com/home/welcome/welcome.html

    you will be redirected to:

    http://newsite.mobilefish.com/home/welcome/welcome.html

    If you wanted to be redirected to:

    http://newsite.mobilefish.com

    use this instead:

    RewriteEngine on
    RewriteRule (.*) http://newsite.mobilefish.com/


    Rewriting the URL.

    Example 1: Protect direct linking of images.

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?mobilefish.com/.*$ [NC]
    RewriteRule \.(jpg|gif)$ - [F]


    Note:
    All .gif or .jpg images from www.mobilefish.com are protected from direct linking.

    Example 2: Show alternate image when someone links to your image.

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?mobilefish\.com/ [NC]
    RewriteRule \.(jpg|gif)$ images/question.gif [L]


    Note:
    The alternate image displayed is question.gif.

    Example 3: Block traffic from a single referrer.

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} www\.xyzfoe\.com [NC]
    RewriteRule .* - [F]


    Note:
    Referrers from sites www.xyzfoe.com are blocked.
    They will see a 403 Forbidden error page.

    Example 4: Block traffic from a multiple referrers.

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} www\.xyzfoe\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} abcfoe\.com
    RewriteRule .* - [F]


    Note:
    Referrers from sites www.xyzfoe.com or abcfoe.com are blocked.
    They will see a 403 Forbidden error page.



    Password protecting directories.

    Step 1.
    Enable the mod_auth module by uncommenting line:
    LoadModule auth_module modules/mod_auth.so

    Step 2.
    Create a directory C:/mobilefish_web/secure

    Step 3.
    Create file C:/mobilefish_web/secure/test.html, containing the following lines:

    <html>
    <head>
       <title>Secure Page</title>
    </head>
    <body>
    <h1>Secure Page </h1>
    </body>
    </html>


    Step 4.
    Put the following lines in an .htaccess file:

    AuthType Basic
    AuthName "For Members Only"
    AuthUserFile C:/mobilefish_web/secure/.htpasswd
    AuthGroupFile /dev/null
    require valid-user
    #
    # Option 1: Allow from specific ip addresses and NO login required
    #allow from 127.0.0.1
    #allow from 10.0.0.3
    #satisfy any
    #
    # Option 2: Allow from specific ip addresses and login required
    #allow from 127.0.0.1
    #allow from 10.0.0.3
    #satisfy all


    Note 1:
    The AuthUserFile contains the location of the .htpasswd file.
    You must enter the absolute SYSTEM path (NOT the path starting from the docroot).

    Note 2:
    For security reasons it is NOT recommended to put the .htpasswd file inside your docroot.

    Note 3:
    You can also grant/restrict access to the password protected directory based on IP addresses. Uncomment the lines below Option 1 or 2 depending if the users from the specified ip addresses are required to login or not.

    Note 4:
    "require valid-user" means that every user in the htpasswd file has access to this protected directory. If you only want user "jim" to have access to this directory replace line "require valid-user" with: require user jim

    Step 5.
    Create the .htpasswd file using the online .htaccess and .htpasswd generator or create it yourself, type:

    htpasswd -c .htpasswd username

    Example:
    C:\Tools\Apache Group\Apache2\bin>htpasswd -c .htpasswd guest
    Automatically using MD5 format.
    New password: ********
    Re-type new password: ********
    Adding password for user guest


    To add additional users to this file, type:

    htpasswd .htpasswd new_username

    Example:
    C:\Tools\Apache Group\Apache2\bin>htpasswd .htpasswd guest2
    Automatically using MD5 format.
    New password: *********
    Re-type new password: *********
    Adding password for user guest2


    To delete users from this file, type:

    htpasswd -D .htpasswd username

    Example:
    C:\Tools\Apache Group\Apache2\bin>htpasswd -D .htpasswd guest2
    Automatically using MD5 format.
    Deleting password for user guest2


    Note 1:
    Upload the .htpasswd files using the ASCII mode.

    Note 2:
    For security reasons it is NOT recommended to put the .htpasswd file inside your docroot.

    Step 6.
    Put the .htaccess and .htpasswd files in the C:/mobilefish_web/secure directory.

    Step 7.
    Type: http://www.mobilefish.com/secure/index.html

    Step 8.
    A popup window will open.

    Apache secure directory

    Step 9.
    Enter your User Name and Password.

    Step 10.
    The index.html page will be displayed.



    Compress certain files (mod_deflate.so is enabled)

    Step 1.
    Make sure mod_deflate.so is enabled as described in tutorial HTTP compression.

    Step 2.
    Put the following lines in an .htaccess file:

    <IfModule mod_deflate.c>
       <FilesMatch "\.(js|css|php|html|shtm|htm|txt|xml)$">
          SetOutputFilter DEFLATE
       </FilesMatch>
    </IfModule>