Sometimes you are using someone else’s web server, for example, a paid
hosting service. That someone else may not want you mucking about with
their web server configuration. There are still configuration
opportunities however. By including a file called
.htaccess in your
served directory (one
.htaccess file for each served directory), you
can specify some things that customize web server behavior for that
Make sure that your
.htaccess file is readable. I found that file
permissions can mess with effectiveness.
Also note that there are (at least) two different formats for
.htaccess. This is dependant on the version of Apache that is being
used. I don’t know how to query the service if you don’t have direct
access to it to find out which version it is using. When I used the
wrong format, I got Forbidden 403 errors. Finding documentation is
especially confusing thanks to this multiplicity of possibilities. I
found this helpful for "current" versions of Apache:
Here, for example is my
.htaccess file for my help notes. This
allows text files to be served as text files, while files with no
extension are served as html.
#Chris' .htaccess for Help Files # Files with no extension are served as HTML. # Files ending in .txt are served as text. # Files ending in .html are served as HTML. <Files .htaccess> order allow,deny deny from all </Files> <Files ~ "^[^.]*$"> ForceType text/html </Files> <Files *.txt> ForceType text/plain </Files> <Files *.html> ForceType text/html </Files>
Here’s an even more enthusiastic one for my resume where the files are
named things like
ps so that the URL is
<Files "pdf"> ForceType application/pdf </Files> <Files "txt"> ForceType text/plain </Files> <Files "html"> ForceType text/html </Files> <Files "roff"> # ForceType application/x-troff ForceType text/plain </Files> <Files "ps"> ForceType application/ps </Files> <Files "rtf"> ForceType application/rtf </Files>
.htaccess file can also be used to provide a bit of security
mod_auth (I think). Here is a
.htaccess file I use to
implement a password protected directory.
AuthUserFile /var/www/somedir/private/.htpasswd AuthType Basic AuthName "Chris' Private Folder" Require valid-user
.htpasswd file is generated by the
To enable files in a directory to be executed as CGI programs use the
Options +ExecCGI AddHandler cgi-script cgi py pl # Or to make all files in the directory active CGI programs. #SetHandler cgi-script
If you need the traffic of your web server to be encrypted, you need a certificate. This is a notorious pain and usually costs money. Here is a very nice idea that is supported by the EFF and a lot of important browsers.
I would look at this first.
Ubuntu’s Apache configuration is a bit baroque but reasonable once you
get the hang of it. Most things in
/etc/apache/apache2.conf are just
sourcing other things. Which things get sourced are configured by
linking "available" things into the "enabled" directories. This
applies to modules (mods-available) and virtual hosts
On Ubuntu, httpd.conf is pretty much empty and the end user can put whatever special things make the site special in there. But note that it might not be in the right order or context there. It does get sourced though and is a convenient place to put some stuff.
Normally to change the behavior of the default served directory, edit /etc/apache2/sites-enabled/000-default which will contain:
<Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory>
This also indicates where the default web documents (document root) is, /var/www.
/etc/apache2 |-- apache2.conf |-- conf.d | |-- charset | |-- localized-error-pages | \-- security |-- envvars |-- httpd.conf |-- magic |-- mods-available | |-- cgi.load | |-- dav.load | |-- dbd.load | |-- imagemap.load | |-- include.load | |-- info.conf | |-- info.load | |-- ldap.load | |-- ssl.conf | |-- ssl.load | |-- status.conf | |-- status.load | |-- suexec.load | |-- userdir.conf | |-- userdir.load | |-- version.load | \-- vhost_alias.load |-- mods-enabled | |-- cgid.load -> ../mods-available/cgid.load | |-- status.conf -> ../mods-available/status.conf | \-- status.load -> ../mods-available/status.load |-- ports.conf |-- sites-available | |-- default | \-- default-ssl \-- sites-enabled \-- 000-default -> ../sites-available/default
How to check to see what modules and virtual hosts are active
# APACHE_RUN_USER=www-data APACHE_RUN_GROUP=www-data /usr/sbin/apache2 -t -D DUMP_MODULES -D DUMP_VHOSTS