Your Daily Source for Apache News and Information  
Breaking News Preferences Contribute Triggers Link Us Search About
Apache Today [Your Apache News Source] To internet.com

Apache HTTPD Links
Apache-Perl Integration Project
The Jakarta Project
Apache XML Project
Apache Module Registry
The Java Apache Project
The Apache Software Foundation
The Apache FAQ
Apache Project
Apache-Related Projects
ApacheCon
PHP Server Side Scripting

  internet.com

Internet News
Internet Investing
Internet Technology
Windows Internet Tech.
Linux/Open Source
Web Developer
ECommerce/Marketing
ISP Resources
ASP Resources
Wireless Internet
Downloads
Internet Resources
Internet Lists
International
EarthWeb
Career Resources

Search internet.com
Advertising Info
Corporate Info
Using .htaccess Files with Apache
Jul 19, 2000, 16 :07 UTC (210 Talkback[s]) (103317 reads) (Other stories by Ken Coar)

By
Copyright © 2000 by Ken Coar. All rights reserved. Limited rights granted to Internet.Com.

One of the most common needs Webmasters have is to cause the Web server to handle all the documents in a particular directory, or tree of directories, in the same way -- such as requiring a password before granting access to any file in the directory, or allowing (or disallowing) directory listings. However, this need often extends to more than just the Webmaster; consider students on a departmental Web server at a university, or individual customers of an ISP, or clients of a Web-hosting company. This article describes how the Webmaster can extend permission to tailor Apache's behaviour to users, allowing them to have some control over how it handles their own sub-areas of its total Web-space.

This article shows how you can use per-directory configuration files, called .htaccess files, to customise Apache behaviour -- or allow your users to do so for their own documents.

Per-Directory Settings

Apache's configuration system addresses the need to group documents by directory in a straightforward manner. To apply controls to a particular directory tree, for instance, you can use the <Directory> container directive in the server's configuration files:

    <Directory "C:/Program Files/Apache Group/Apache/htdocs">
        AllowOverride None
        Options None
    </Directory>
  

This has the advantage of keeping control in the Webmaster's hands; there's no need to worry about any of the server's users being able to change the settings, since the server configuration files are generally not modifiable by anyone except the admin. Unfortunately, it has the disadvantages of requiring a restart of Apache any time the config file is changed, and that it can become truly burdensome to add all the <Directory> containers that might be needed for all the users that have special requirements.

An alternative method for supplying the desired granularity of Apache configuration -- down to the directory level -- is to use special partial config files in each directory with special requirements.

So What's an .htaccess File?

An .htaccess file is simply a text file containing Apache directives. Those directives apply to the documents in the directory where the .htaccess file is located, and to all subdirectories under it as well. Other .htaccess files in subdirectories may change or nullify the effects of those in parent directories; see the section on merging for more information.

As text files, you can use whatever text editor you like to create or make changes to .htaccess files.

These files are called '.htaccess files' because that's what they're typically named. This naming scheme has its roots in the NCSA Web server and the Unix file system; files whose names begin with a dot are often considered to be 'hidden' and aren't displayed in a normal directory listing. The NCSA developers chose the name '.htaccess' so that a control file in a directory would have a fairly reasonable name ('ht' for 'hypertext') and not clutter up directory listings. Plus, there's a long history of Unix utilities storing their preferences information in such 'hidden' files.

The name '.htaccess' isn't universally acceptable, though. Sometimes it can quite difficult to persuade a system to let you create or edit a file with such a name. For this reason, you can change the name that Apache will use when looking for these per-directory config files by using the AccessFileName directive in your server's httpd.conf file. For instance,

    AccessFileName ht.acl
  

will cause Apache to look for files named ht.acl instead of .htaccess. They'll be treated the same way, though, and they're still called '.htaccess files' for convenience.

Locating and Merging .htaccess Files

When Apache determines that a requested resource actually represents a file on the disk, it starts a process called the 'directory walk.' This involves checking through its internal list of <Directory> containers to find those that apply, and possibly searching the directories on the filesystem for .htaccess files.

Each time the directory walk finds a new set of directives that apply to the request, they are merged with the settings already accumulated. The result is a collection of settings that apply to the final document, culled from all of its ancestor directories and the server's config files.

When searching for .htaccess files, Apache starts at the top of the filesystem. (On Windows, that usually means 'C:\'; otherwise, the root directory '/'.) It then walks down the directories to the one containing the final document, processing and merging any .htaccess files it finds that the config files say should be processed. (See the section on overrides for more information on how the server determines whether an .htaccess file should be processed or not.)

This can be an intensive process. Consider a request for <URI:http://your.host.com/foo/bar/gritch/x.html> which resolves to the file

    C:\Program Files\Apache Group\Apache\htdocs\foo\bar\gritch\x.html
  

Unless instructed otherwise, Apache is going to look for each of the following .htaccess files, and process any it finds:

  1. C:\.htaccess
  2. C:\Program Files\.htaccess
  3. C:\Program Files\Apache Group\.htaccess
  4. C:\Program Files\Apache Group\Apache\.htaccess
  5. C:\Program Files\Apache Group\Apache\htdocs\.htaccess
  6. C:\Program Files\Apache Group\Apache\htdocs\foo\.htaccess
  7. C:\Program Files\Apache Group\Apache\htdocs\foo\bar\.htaccess
  8. C:\Program Files\Apache Group\Apache\htdocs\foo\bar\gritch\.htaccess

That's a lot of work just to return a single file! And the server will repeat this process each and every time the file is requested. See the overrides section for a way to reduce this overhead with the AllowOverride None directive.

Because .htaccess files are evaluated for each request, you don't need to reload the Apache server whenever you make a change. This makes them particularly well suited for environments with multiple groups or individuals sharing a single Web server system; if the Webmaster allows, they can exercide control over their own areas without nagging the Webmaster to reload Apache with each change. Also, if there's a syntax error in an .htaccess file, it only affects a portion of the server's Web space, rather than keeping the server from running at all (which is what would happen if the error was in the server-wide config files).

Directives that Work in .htaccess Files

Not all directives will work in .htaccess files; for example, it makes no sense to allow a ServerName directive to appear in one, since the server is already running and knows its name -- and cannot change it -- by the time a request would cause the .htaccess file to be read. Other directives aren't allowed because they deal with features that are server-wide, or perhaps are too sensitive.

However, most directives are allowed in .htaccess files. If you're not sure, take a look at the directive's documentation. Figure 1 is a sample extracted from the Apache documentation. You can see where the text says 'Context' that .htaccess is listed; that means this directive can be used in the per-directory config files.

The SetEnvIf Directive

Syntax: SetEnvIf attribute regex envar[=value] [...]
Default: none
Context: server config, virtual host, directory, .htaccess
Override: FileInfo
Status: Base
Module: mod_setenvif
Compatibility: Apache 1.3 and above; the Request_Protocol keyword and environment-variable matching are only available with 1.3.7 and later; use in .htaccess files only supported with 1.3.13 and later

Figure 1: Directive Documentation

Note, however, that there's more information on the Compatibility line; it says that this directive can only be used in .htaccess files if you're running Apache version 1.3.13 or later.

If you try to include a directive in an .htaccess file that isn't permitted there, any requests for documents under that directory will result in a '500 Server Error' error page and a message in the server's error log.

If your .htaccess file contains directives that aren't covered by the current set of override categories, they won't cause an error -- the server will just ignore them. So your file can contain directives in any -- or all -- of the categories, and only those in the categories listed in the AllowOverride list will be processed. All of the others will be checked for syntax, but otherwise not interpreted.

Overrides: Limiting Which Directives Will Be Processed

Apache directives fall into seven different categories, and all can appear in the server-wide config files. Only five of the categories can be used in .htaccess files, though, and in order for Apache to accept a directive in a per-directory file, the settings for the directory must permit the directive's category to be overridden.

The five categories of directives are:

AuthConfig
This category is intended to be used to control directives that have to do with Web page security, such as the AuthName, Satisfy, and Require directives. This is the most common category to allow to be overridden, as it allows users to protect their own documents.
FileInfo
Directives that control how files are processed are
Indexes
Directives that affect file listings should be in this category. It includes IndexOptions, AddDescription, and DirectoryIndex, for example.
Limit
This category is similar to the AuthConfig one in that the directives it covers are typically related to security. However, they usually involve involuntary controls, such as controlling access by IP address. Directive in this category include Order, Allow, and Deny.
Options
The Options category is intended for directives that support miscellaneous options, such as ContentDigest, XBitHack, and Options itself.

A special directive, which is usable only in the server-wide configuration files, dictates which categories may be overridden in any particular directory tree. The AllowOverride directive accepts two special keywords in addition to the category names listed above:

All
This is a shorthand way of listing all of the categories; the two statements below are equivalent:
    AllowOverride AuthConfig FileInfo Indexes Limits Options
    AllowOverride All
    
None
This keyword totally disables the processing of .htaccess files for the specified directory and its descendants (unless another AllowOverride directive for a subdirectory is defined in the server config files). 'Disabled' means that Apache won't even look for .htaccess files, much less process them. This can result in a performance savings, and is why the default httpd.conf file includes such a directive for the top-level system directory. .htaccess processing is disabled for all directories by default by that directive, and is only selectively enabled for those trees where it makes sense.

As shown above, the AllowOverride directive takes a whitespace-separated list of category names as its argument.

Be Aware of What You're Granting

By allowing the use of .htaccess files in user (or customer or client) directories, you're essentially extending a bit of your Webmaster privileges to anyone who can edit those files. So if you choose to do this, you should consider occasionally performing an audit to make sure the files are appropriately protected -- and, if you're really ambitious, that they contain only settings of which you approve.

Because of the very coarse granularity of the possible override categories, it's quite possible that by granting a user the aility to override one set of directives you're inadvertently delegating more power than you anticipate. For instance, you might want to include a "AllowOverride FileInfo" directive for user directories so that individuals can use the AddType directive to label documents with MIME types that aren't in the server-wide list -- but were you aware when you did this that you were also giving them access to the Alias, Header, Action, and Rewrite* directives as well? Directives are associated with override categories on a per-module basis, so tracking down what's permitted by allowing a particular category of override can be a tedious process.

The ultimate answer to what directives are in which categories is the source code. If you really want to know, examine the source for the following strings:

String Corresponding AllowOverride Keyword
OR_AUTHCFG AllowOverride AuthConfig
OR_FILEINFO AllowOverride FileInfo
OR_INDEXES AllowOverride Indexes
OR_LIMIT AllowOverride Limit
OR_OPTIONS AllowOverride Options

(See the previous section for a description of what the different override categories mean.)

As you can see, with the exception of the AuthConfig/AUTHCFG keywords, the source keywords are identical to the directive keywords. This is convenient!

Putting It All Together

Before enabling .htaccess files, consider the advantages and disadvanteges. On servers I run myself, with no users, I tend to use .htaccess files for testing and debugging, and when I have a configuration I like, I move the directives into a <Directory> container in the httpd.conf file and delete the .htaccess file. For this reason, I have overrides enabled just about everywhere. This allows me to balance the convenience of .htaccess files against their performance impact.

On some of my servers I have some user accounts for people I know and trust, and in those environments I'm more cautious and don't allow all overrides globally. I do tend to allow whatever overrides my friends need for their own directories, though.

And in some cases I have real 'user' accounts, for people I do not know as well -- and on those servers AllowOverride None is the rule. I occasionally allow .htaccess files in their private directories, but I carefully audit the possible effects before granting an override category.

The two main disadvantages to using .htaccess are the performance impact and the extending of control access to others. The first is somewhat manageable through the judicious use of the AllowOverride directive, and the latter is a matter of establishing trust -- and performing risk assessment. What mix works best in your environment is something you'll need to determine for yourself.

Troubleshooting

Here are some of the most common problems I've seen people have (or have had myself) with .htaccess files. One thing I should stress first, though: the server error log is your friend. You should always consult the error log when things don't seem to be functioning correctly. If it doesn't say anything about your problem, try boosting the message detail by changing your LogLevel directive to debug. (Or adding a LogLevel debug line of you don't have a LogLevel already).

'Internal Server Error' page is displayed when a document is requested
This indicates a problem with your configuration. Check the Apache error log file for a more detailed explanation of what went wrong. You probably have used a directive that isn't allowed in .htaccess files, or have a directive with incorrect syntax.
.htaccess file doesn't seem to change anything
It's possible that the directory is within the scope of an AllowOverride None directive. Try putting a line of gibberish in the .htaccess file and force a reload of the page. If you still get the same page instead of an 'Internal Server Error' display, then this is probably the cause of the problem. Another slight possibility is that the document you're requesting isn't actually controlled by the .htaccess file you're editing; this can sometimes happen if you're accessing a document with a common name, such as index.html. If there's any chance of this, try changing the actual document and requesting it again to make sure you can see the change. this isn't happening.
I've added some security directives to my .htaccess file, but I'm not getting challenged for a username and password
The most common cause of this is having the .htaccess directives within the scope of a Satisfy Any directive. Explicitly disable this by adding a Satisfy All to the .htaccess file, and try again.

Going Further

Once you've got your Apache Web server up and running, the first hurdle has been surmounted. Now you can move on to exploring its capabilities and features. Here are some pointers to resources for further investigation:

  • The main Apache Web site, of course: <URL:http://www.apache.org/>
  • The documentation for Apache and its modules: <URL:http://www.apache.org/docs/>
  • The canonical email response page: <URL:http://www.apache.org/foundation/preFAQ.html>
    (This page is normally used to respond to email requests for support, but there are lots of good resources listed on it.)

Conclusion

Apache provides two main ways of controlling its behaviour on a per-directory level: <Directory> containers in the server-wide configuration files, and .htaccess files in each directory where they're needed. Each method has its advantages and its disadvantages; you, as the Webmaster, need to balance these against each other to decide what mix of the techniques is best for your environment.

If you do decide to permit the use of .htaccess files, be sure to limit them to appropriate areas and improve your performance by using AllowOverride None elsewhere. This will save unnecessary disk activity.


Got a Topic You Want Covered?

If you have a particular Apache-related topic that you'd like covered in a future article in this column, please let me know; drop me an email at <>. I do read and answer my email, usually within a few hours (although a few days may pass if I'm travelling or my mail volume is 'way up). If I don't respond within what seems to be a reasonable amount of time, feel free to ping me again.

About the Author

Ken Coar is a member of the Apache Group and a director and vice president of the Apache Software Foundation. He is also a core member of the Jikes open-source Java compiler project, a contributor to the PHP project, the author of Apache Server for Dummies, a lead author of Apache Server Unleashed, and is currently working with Ryan Bloom on a book for Addison-Wesley tentatively entitled Apache Module Development in C. He can be reached via email at <>.

  Current Newswire:
ComputerWorld: Open source databases bloom

intelligent enterprise: Will open source databases ever have a major role in business-critical applications?

Open source pioneer closes after failing to identify a qualified investor or acquirer

Yahoo: Open-source database company closes

BYTE: Colocating Your Internet Server

SysAdmin: Books: A User's Report: Apache Desktop Reference

DaveNet: Apache

UnixReview: HTTP Benchmarking, Part 3: Tips and Tweaks

InfoWorld: Red Hat offers Compaq-based e-commerce suite

Covalent to Deliver Optimized Apache Solutions on ProLiantTM servers

 Talkback(s) Name  Date
For any who are interested, I wrote a low-level tutorial a few years ago about t ...   basic tutorial I wrote   
  Jul 19, 2000, 23:44:25
Hi, I had just made a htaccess file in certain directory. But that would chan ...   How htaccess take effect   
  Aug 21, 2000, 11:39:00
HI,Is there any limit in the numbers of users which can be included into the .ht ...   htaccess   
  Sep 21, 2000, 04:41:04
Please if you can help me e-mail back.I have been told that by altering my htacc ...   I need help to redirect my domian to a file!   
  Sep 23, 2000, 06:44:14
Hello, maybe you can help me... we german-speaking people have a problem with  ...   .htaccess for charset=iso-8859-1?   
  Sep 23, 2000, 21:48:13
Hi,I would like to know if it is at all possible to be able to authenticate a us ...   HTACCESS   
  Sep 26, 2000, 04:34:52
Matthew,I am trying to accomplish the same thing..I am sorry for my English..the ...   Re: HTACCESS   
  Sep 28, 2000, 16:52:46
How can i configure in the .htaccess file to open /cgi-bin/index.cgi? ...   Default document   
  Oct 2, 2000, 13:31:37
i am attempting to use .htaccess files to password protect a website. i have set ...   username and password rejected   
  Oct 6, 2000, 22:23:40
Hiyou must fill in the full path name e.g./var/www/virtual/your/path/to/.htpassw ...   Re: username and password rejected   
  Oct 17, 2000, 12:42:16
I picked up on your e-mail as I was suffering with the same prob..... but on NT. ...   Re: Re: username and password rejected   
  Oct 21, 2000, 17:03:01
Try: DirectoryIndex /cgi-bin/index.cgiThat works if you want to just redirect t ...   Re: Default Document   
  Oct 24, 2000, 22:28:36
I have configure .htaccess for a directory and the window asking me for user/pas ...   username/password appears twice   
  Oct 25, 2000, 18:27:44
Now that I pulled all the hair out of my head, I hope someone can assist. I&#39; ...   you don't have permission to access page   
  Oct 26, 2000, 20:32:37
Once a user has been authenticated through the .htaccess and password file,is th ...   Un-Authenticating   
  Oct 28, 2000, 18:12:44
I am looking for the simplist solution for granting read AND write access to fil ...   CGI gaining read/write access   
  Nov 1, 2000, 03:41:10
 I have configure .htaccess for a directory and the window asking me for user/pa ...   Re: username/password appears twice   
  Nov 3, 2000, 07:16:19
My provider only supports .php3 for php files but I would like to have a .php ex ...   .php and .php3   
  Nov 3, 2000, 17:14:12
You could probably simply try and reversethe use of denial for this person in th ...   Re: HTACCESS   
  Nov 4, 2000, 03:54:43
access question:I want to have several directories to be accessable from some do ...   Local script-access with deny all ?   
  Nov 4, 2000, 04:23:47
You can do a cgi script. The script will be the default file for the protected d ...   Re: Re: HTACCESS   
  Nov 6, 2000, 21:01:26
If I grant a particular user access to a directory in the .htaccess file, what c ...   Undoing user privileges in subdirectories   
  Nov 8, 2000, 18:03:21
Did you ever find an answer to this problem as I am facing the same : 0(Any help ...   Re: Local script-access with deny all ?   
  Nov 14, 2000, 07:11:36
hi michael,if your php-version=3.x try one this line:AddType application/x-httpd ...   Re: .php and .php3   
  Nov 16, 2000, 11:18:42
I want to make my Images directory not allow a directory listing if there is no ...   Authorized   
  Nov 16, 2000, 23:51:33
Hi,You should set the following insides the "httpd.conf" and restart the deamon. ...   Re: How htaccess take effect   
  Nov 17, 2000, 07:00:15
I am having trouble trying to follow the instructions for setting up an htaccess ...   htaccess and Apache on NT   
  Nov 21, 2000, 02:57:30
I know this question was asked before by Eric but I didn&#39;t see any response ...   Multiple domains   
  Nov 25, 2000, 22:05:47
After reading this entire tutorial, I still don&#39;t knowhow to set a simple us ...   .htaccess example   
  Nov 27, 2000, 16:33:01
Check this out. http://perl.apache.org/guide/security.html#Authentication_code_s ...   Re: Un-Authenticating   
  Nov 28, 2000, 06:17:49
hello,i have to complete the following task:on one server i have simple .html pa ...   server generated headers   
  Nov 28, 2000, 11:20:44
I&#39;ve set up my apache web server on an nt box and successfully implemented . ...   cancelling shows page with .htaccess   
  Nov 29, 2000, 22:30:12
Hi there. In a nut shell here&#39;s what you need to do.Create a .htaccess file ...   Re: .htaccess example   
  Dec 1, 2000, 06:32:08
HI!I&#39;m a windows user. :)If I&#39;m prompting "htpasswd -c .htpasswd someguy ...   Re: Re: .htaccess example   
  Dec 6, 2000, 12:10:51
I am a beginner in using .htaccess. Can anyone tell me how to encrypt passwords ...   Hi   
  Dec 7, 2000, 13:23:00
 I am a beginner in using .htaccess. Can anyone tell me how to encrypt passwords ...   Re: Hi   
  Dec 7, 2000, 22:15:28
I pulled the following off the Webmonkey site. I haven&#39;t tried it yet but am ...   Re: Multiple domains   
  Dec 11, 2000, 06:12:11
Hello, Im a begginer using .htaccess files and I have a problem. Im a UNIX use ...   My .htaccess doesnt work!!   
  Dec 12, 2000, 11:29:34
Try this in your .htaccess file:redirect permanent /(directory) (url)example:red ...   Re: I need help to redirect my domian to a file!   
  Dec 17, 2000, 07:58:51
 I am a beginner in using .htaccess. Can anyone tell me how to encrypt password ...   Re: Re: Hi   
  Dec 18, 2000, 10:08:33
Hello,I need to redirect cgi-bin/something/* to http://mydomain.comI know it is ...   Redirect permanent   
  Dec 18, 2000, 10:10:47
Hi, not sure if you got a response yet but I thought I&#39;ld try.It&#39;s tough ...   Re: My .htaccess doesnt work!!   
  Dec 19, 2000, 09:14:45
Create an .htaccess file withredirect / http://www.yourdomain.com/your_directory ...   Re: I need help to redirect my domian to a file!   
  Dec 28, 2000, 11:04:16
Can I redirect based on user name? If user Dennis logs into a directory Clients ...   redirect   
  Dec 29, 2000, 20:45:46
Hi!I trying to "secure" access to a website. But it really bothers me that the u ...   How do I force an authentication   
  Jan 3, 2001, 13:02:57
OK, so here&#39;s my problem:I have a client with a Web site running under Unix ...   htaccess problems   
  Jan 4, 2001, 06:02:09
Someone, or something, has filtered my msg and removed all text within angle bra ...   Re: htaccess problems   
  Jan 4, 2001, 22:17:12
Try changing the url to http://domain.com instead of http://www.domain.comI had ...   Re: username/password appears twice   
  Jan 5, 2001, 05:50:15
Please include the directory directive for the httpd.conf file and the .htaccess ...   Can anyone post an example that actually fuctions   
  Jan 8, 2001, 01:36:33
I am trying to upload a message board for my site.It is not working. The instruc ...   This question will be cake for you, but for me it is impossible...   
  Jan 10, 2001, 22:09:35
Try using the Find program in windows to look for htpasswd program. Then go to w ...   Re: Re: Re: .htaccess example   
  Jan 12, 2001, 11:32:09
Hi. Ive been struggling with this for several months with no success. I am find ...   Restricting file referal access   
  Jan 12, 2001, 17:04:57
The program is in the "bin" directory where you installed Apache. Most probably ...   Re: Re: Re: Re: .htaccess example   
  Jan 14, 2001, 11:59:37
I have installed the Apache Webserver on a Linux box with the Redhat version7.I ...   tftp   
  Jan 14, 2001, 20:34:08
if you known it,please mail to me!thanks. ...   Re: CGI gaining read/write access   
  Jan 16, 2001, 08:05:20
Hi.How can I make my .htaccess work within /home/*/public_html directories?I hav ...   publc_html directory and .htaccess   
  Jan 17, 2001, 23:26:25
Hello. I&#39;m trying to get client authentication when executing a servlet with ...   Servlet authentication   
  Jan 19, 2001, 12:01:48
Hello there,I made a generic copy of my htaccess file.The top section is set to ...   Re: Restricting file referal access   
  Jan 19, 2001, 21:32:38
Dan, the server looks at it as HTML, therefore it is not visiblesheesh, some idi ...   Re: Re: htaccess problems   
  Jan 20, 2001, 07:52:31
Hey, I cant seem to be able to authenticate, i have made shure everything was in ...   Unable to Authenticate   
  Jan 20, 2001, 08:43:00
Hi all!I am trying to use DBM to authenticate users...The only thing I know is, ...   Authentication via DBM   
  Jan 20, 2001, 18:34:44
Hi Curtis I put the following statements to the end of the access.conf file. T ...   Re: Can anyone post an example that actually fuctions   
  Jan 22, 2001, 10:15:27
Hey, when i try to put 2 htaccess&#39;s in my web server... One works, the other ...   Forbidden 403   
  Jan 23, 2001, 01:06:03
I am a user of .htaccess.Can you please tell me what to put in the file. I need ...   mime change   
  Jan 24, 2001, 03:45:14
I am currently sitting with the same problem with not knowing how to give read/w ...   CGI gaining read/write access   
  Jan 24, 2001, 11:17:26
 I&#39;ve been struggling with my .htaccess all day and, using your example, I ...   Re: Re: Restricting file referal access   
  Jan 27, 2001, 01:24:54
Does anyone know how to gain read/write access to directories on your server usi ...   Read/write access   
  Jan 27, 2001, 13:26:51
Hi,I&#39;m wondering if I have to configure my apache http-server to be able to ...   Apache-tomcat-jboss   
  Jan 31, 2001, 20:17:57
how to protect my defaul documet directory ie&#39; /usr/local/apache/htdocs??Thx ...   protecting /usr/local/apache/htdocs(default directory)   
  Feb 1, 2001, 06:10:39
How do you set up apache to allow only ssl conections to a virtual doamin? I fou ...   .htaccess and ssl   
  Feb 6, 2001, 17:02:34
Does anyone know how to redirect to a webpage when the logon is unsuccesful in a ...   Once the password fails I need to redirect to a webpage   
  Feb 6, 2001, 23:41:42
HiAfter uploading some files (i didn&#39;t know that there was also a .htaccess ...   I am unable to see the .htaccess file using ws_ftp   
  Feb 9, 2001, 14:17:25
Can I use unix encripted passwords generated by verotel company(third party) wh ...   using unix encripted passwords with apache under win32   
  Feb 11, 2001, 01:35:54
"Internal Error 2735. ResolveServerName"I can&#39;t install Apache 1.3.17 in Win ...   Win32 version does not install   
  Feb 12, 2001, 11:28:09
Hello people,I have read the tutorial on .htaccess files, but it doesnt seem to ...   How to create username/password?   
  Feb 14, 2001, 01:19:58
I have several perl scripts that live in my httpd/cgi-bin/*.pl directory. I woul ...   authentication for perl scripts   
  Feb 14, 2001, 22:07:49
You have to use the htpasswd command. the command should reside in apache&#39;s ...   Re: How to create username/password?   
  Feb 16, 2001, 18:37:53
HI,I have, as far as I can tell, setup .htaccess, .htpasswd, .htgroup correctly. ...   401 error - authorization required.   
  Feb 16, 2001, 18:55:02
I have ht.acl file in the directoryand inside the ht.acl fileAuthUserFile /home/ ...   Authorization Required   
  Feb 18, 2001, 00:32:44
I would like to ask if I want to prohibit 2 or more user use the same user name ...   How to prohibit 2 user using same login name at the same time?   
  Feb 20, 2001, 08:04:06
Hello people,I want to ask if there is a tool for managing .htaccess-files? Such ...   Is there a tool for managing .htaccess files   
  Feb 20, 2001, 09:56:17
In the directory you want to protect, create a file called .htaccess. It should ...   Re: How to create username/password?   
  Feb 20, 2001, 18:38:49
hi guys,i&#39;m using the .htaccess file to control the access at one area of my ...   do not request username/password   
  Feb 22, 2001, 11:29:50
I already install Apache on my NT box and I created file .htaccess in Apache dir ...   how do I set username/password on NT   
  Feb 28, 2001, 01:37:24
When I try to Compile the JSP File in Appache Server (Windows NT) I received the ...   Out of Memory Error   
  Feb 28, 2001, 08:10:25
I have an Apache web-server. On it is installed PHP4. But php-commands executes ...   How to execute PHP commands in html files?   
  Feb 28, 2001, 12:03:34
Help !!My web host (hostsave.com) has an apache server and he sent me the LINK t ...   "save as" pop up window   
  Feb 28, 2001, 13:30:34
I know what you mean.Personaly I use MSDOS for deleting these files. (if you are ...   Re: I am unable to see the .htaccess file using ws_ftp   
  Mar 1, 2001, 21:12:02
Hello, I get a forbidden 403 error everytime i try to access the directory listi ...   403 Forbidden error when i try to access files   
  Mar 3, 2001, 08:28:07
Many people here seem interested in specifically how you grant CGI scripts read ...   CGI Read / Write Access   
  Mar 4, 2001, 13:59:32
I&#39;m accessing two seperate web sites under the same domain. When I access th ...   htaccess multiple logins   
  Mar 9, 2001, 20:24:25
Please show me how do I restrict password protected only one file under the dire ...   .htaccess   
  Mar 14, 2001, 01:17:17
what htpaccess.exe did you use?it has to be under the same platform ...   Re: username and password rejected   
  Mar 15, 2001, 07:11:24
i receive this error when i try to access to the webpage that i trying to host i ...   Apache Server 1.3   
  Mar 20, 2001, 03:06:10
I have the htaccess and the htpasswd files setup correctly. However when I go t ...   Autorization Required problem   
  Mar 20, 2001, 20:44:05
i follow the instructions to set up the htaccess and create user with the passwo ...   apache htaccess on NT4 Workstation   
  Mar 21, 2001, 06:54:55
I have pdf files which I only want to the user to download, not view in the brow ...   .htaccess to restict files for download   
  Mar 27, 2001, 00:14:32
Hai i have my apache running under the dir c:\program files\apache group\apache ...   .htaccess not working   
  Mar 28, 2001, 16:07:24
umm... i found a .htaccess file in my root directory while ftp&#39;ing but my we ...   .htaccess on Exodus Server   
  Mar 29, 2001, 02:46:25
httpd will return a 401 error if authorization fails so....Use the ErrorDocument ...   Re: Once the password fails I need to redirect to a webpage   
  Mar 31, 2001, 09:42:27
You could use the mod_rewrite to automatically redirect all requests to the virt ...   Re: .htaccess and ssl   
  Mar 31, 2001, 10:23:00
Hi,I have made the following entries in my httpd.conf file for protecting all fi ...   Unable to get popup window for user authorization   
  Apr 2, 2001, 23:34:12
I&#39;m trying like crazy to set up this htaccess authentication on Apache 1.3.6 ...   htpasswd command not recognised on UNIX server running Apache 1.3.6   
  Apr 3, 2001, 16:08:22
My .htaccess was working fine until I tried to add the group file directive, Aut ...   AuthGroupFile, cannot authenticate using groups   
  Apr 4, 2001, 17:14:47
Hi,I need to obtain a popup window for user authentication of /home/shanky/bidTh ...   unable to obtain popup window for net.data macros   
  Apr 4, 2001, 21:45:25
Can anyone tell me how I change the page someone is sent to if they enter the wr ...   Changing page on failure of authentication   
  Apr 5, 2001, 12:06:26
Hi,I have set-up ".htaccess" to my website. I&#39;ve also added a change passwor ...   Login dialog after password change   
  Apr 6, 2001, 11:16:11
you may have solved this already as your post is over a month old. if you type - ...   Re: I am unable to see the .htaccess file using ws_ftp   
  Apr 7, 2001, 12:00:55
Hi,I want to authenticate a particular dir using .htaccess..for this purpose i n ...   how to run htpasswd remotely   
  Apr 8, 2001, 13:05:53
I haver several pdf-files on the server. When you click on the link, the plugin ...   force download pdf file   
  Apr 8, 2001, 20:39:27
I force authentication at root directory via .htaccess file, but want to grant u ...   Removing authentication in sub-directory   
  Apr 10, 2001, 14:35:03
hi there,I have some question about .htaccess settingI have no problem of having ...   .htaccess users account   
  Apr 11, 2001, 02:24:32
Hi all,as i got sql server at hoe, i think it is more managable to put all the u ...   what happen if password expired from htaccess?   
  Apr 11, 2001, 07:27:07
Hi!I&#39;m using the apache basic authentication scheme to log in to my web site ...   perl to un-authenticate?   
  Apr 11, 2001, 08:08:48
Yes - Try to use sa:username1 username2instead ofsa:username1,username2Does it w ...   Re: AuthGroupFile, cannot authenticate using groups   
  Apr 13, 2001, 14:25:19
Hello everyone,is there a way to produce reliable UNIX crypted passwords that ru ...   Help! How to create Crypt passwords without telnet access   
  Apr 13, 2001, 15:06:13
Hi Rainer :-)What you could do is strip everything down and try with the bare mi ...   Re: Help! How to create Crypt passwords without telnet access   
  Apr 14, 2001, 10:04:02
 Can anyone tell me how I change the page someone is sent to if they enter the w ...   Re: Changing page on failure of authentication   
  Apr 14, 2001, 10:23:14
 I force authentication at root directory via .htaccess file, but want to grant ...   Re: Removing authentication in sub-directory   
  Apr 14, 2001, 10:57:56
Instead of "Require user john mary peter sam jo" you can have "Require valid-use ...   Re: .htaccess users account   
  Apr 14, 2001, 11:39:04
I want to redirect a blocked user from my site to another .html file in the same ...   Redirecting denied users to another page   
  Apr 16, 2001, 19:47:49
hallo,I have a problem with redirecting a client to an error page. I use htacces ...   Difficult redirect to an error page   
  Apr 18, 2001, 15:14:55
How can I make my .htaccess so that it only asks for my password once and then s ...   Auth Prompts on CGI POST??   
  Apr 19, 2001, 15:35:20
I&#39;m running Apache 1.3.14 Win32.I&#39;m trying to setup .htaccess files fold ...   Win32 .htaccess auth failed   
  Apr 23, 2001, 04:30:51
Is there a consolidated listing of the directives allowed in htaccess that I can ...   htaccess directives   
  Apr 23, 2001, 22:54:51
Hi,I have a very basic .htaccess file in the directory I want to protect.It&#39; ...   Problem defining where my .htpasswd file is   
  Apr 25, 2001, 08:17:51
I am using .htaccess for user authentication. How can i keep a log of users acce ...   .htaccess log username   
  Apr 27, 2001, 04:42:57
Hi im trying to restrict access to a few of my web pages but when i make a htacc ...   internal server error   
  Apr 27, 2001, 20:38:45
Hello,I currently want to setup a htaccess to allow all but block certain ipaddi ...   How to ban users and show them a certain page letting them know.   
  Apr 28, 2001, 02:09:06
I too have been trying to do the same. The following link has a brief section ex ...   Re: How to ban users and show them a certain page letting them know.   
  Apr 30, 2001, 15:42:58
Mal auf deutsch und zusammengefasst: Bekannt ist den meisten ja folgendes:- Synt ...   Passwortschutz im Klartext?   
  May 1, 2001, 14:06:11
this is what i did several times. i worked out, that a pop up window opens and a ...   Re: Help! How to create Crypt passwords without telnet access   
  May 1, 2001, 15:08:45
I got it all, thanks. But how can i put something like "Welcome &#39;user name&# ...   User and Password variables   
  May 4, 2001, 00:07:50
Hello !how can I put an expiration time on the htaccess ??Thank you !Regards, Da ...   htaccess timeout   
  May 4, 2001, 22:43:58
Hi,l have setup my web server running 1.3.19. l have created the .htpasswd and . ...   help needed for htaccess   
  May 10, 2001, 02:08:33
I&#39;m having a strange thing happen with an .htaccess file. Here is an exampl ...   .htaccess URL redirection   
  May 10, 2001, 02:17:36
Hi,l manage to get the pop up windows asking user to enter the user ID and passw ...   pop-up window does not appear again   
  May 10, 2001, 10:16:21
is it possible to include 2 different AuthUserFile in .htaccess? ...   Including 2 user-files in .htacces   
  May 11, 2001, 10:47:47
Can somebody tell me what i have to do if i do not want my accesses to be logged ...   htaccess logfile restrictions   
  May 11, 2001, 13:09:29
I have had an .htaccess protected section of a website up for a while. It contai ...   cant get $ENV{'REMOTE_GROUP'}   
  May 12, 2001, 20:57:10
Hello,it&#39;s a Win NT5 server with apache running, everything goes fine, but t ...   htaccess seems not to be working (no window appeared)   
  May 17, 2001, 21:32:13
Hello:I am looking for a (Perl?) script generating authentication headers. I wil ...   login script   
  May 18, 2001, 23:47:11
I am sorry to ask this question again, but has anyone gotten an answer to this q ...   Re: redirect   
  May 22, 2001, 19:16:26
Can there be multiple AuthUserFiles in one .htaccess file? I have two separate p ...   Multiple AuthUserFiles and targeted redirect???   
  May 23, 2001, 16:56:33
Instead of using HTAccess you could use a perl Script. The script could create ...   Re: HTACCESS   
  May 25, 2001, 03:56:05
Hello, I have installed Apache 1.3.9, and my question is the following: I want t ...   Restricting access   
  May 25, 2001, 11:15:44
I want to count the number of visitors that are currently on my site and I wante ...   syntax to modify PHP in .htaccess files   
  May 28, 2001, 17:18:36
how do I get media player to accept the username and password entered by a user. ...   Htaccess/WindowsMedia   
  Jun 1, 2001, 04:06:37
I am very new to Apache. I want to configure "Default.htm" to be my default docu ...   Default document   
  Jun 3, 2001, 22:43:53
Has anyone else experienced a problem using Internet Explorer 5.00 or 5.01 in wh ...   IE 5.0x forcing authentication twice   
  Jun 4, 2001, 21:15:08
I too have seen this..The following is an example layout of the directory./opt/a ...   Re: IE 5.0x forcing authentication twice   
  Jun 8, 2001, 02:06:12
post you htaccess file. may be i can throw light on it. I have sucessfully done ...   Re: Win32 .htaccess auth failed   
  Jun 8, 2001, 12:51:50
I need to store encrypted password in the oracle 8i database. How do i do it?I a ...   Re: Re: How to create username/password?   
  Jun 8, 2001, 12:57:56
I am also facing the same problems. Can some one enlighten us on this? Regards ...   Re: Servlet authentication   
  Jun 8, 2001, 12:49:49
 I have an Apache web-server. On it is installed PHP4. But php-commands executes ...   Re: How to execute PHP commands in html files?   
  Jun 10, 2001, 14:39:01
HiI&#39;m trying to restrict just one file in a directory...with an .htaccess fi ...   restricting a file with htaccess   
  Jun 14, 2001, 19:26:34
I have placed the .htpasswd and the .htaccess file in the protected directory an ...   401 Authorization error   
  Jun 15, 2001, 17:46:26
HelloI was successful in setting up the user name/password authentication and th ...   Setting up .htaccess on Win 2000/Apache   
  Jun 16, 2001, 19:06:59
if you are using PHP, you can get the username from this variable:$HTTP_SERVER_V ...   Re: Re: redirect   
  Jun 17, 2001, 22:54:34
Great hint! ...   Re: Re: I am unable to see the .htaccess file using ws_ftp   
  Jun 18, 2001, 18:05:58
here is the .htaccess file ( I have tried many variations) yet it does not work- ...   .htaccess and .htpasswd   
  Jun 19, 2001, 15:42:13
by turning UseCanonicalName in httpd.conf to Off i solved my problem... ...   Re: username/password appears twice   
  Jun 20, 2001, 20:00:23
Apache does not seem to see .htaccess files. I have tried renaming the .htaccess ...   win2k not authenticating   
  Jun 24, 2001, 02:47:21
 Has anyone else experienced a problem using Internet Explorer 5.00 or 5.01 in w ...   Re: IE 5.0x forcing authentication twice   
  Jun 26, 2001, 16:40:24
Hello Vikrant,I was browsing the FAQ&#39;s on APache site and there was a questi ...   Re: Re: Win32 .htaccess auth failed   
  Jun 27, 2001, 14:08:25
Okay - I love this idea but how can I change the file from .htaccess.txt to .hta ...   .htaccess.txt - I can't change the file type!   
  Jun 27, 2001, 19:10:21
Good .A small correction .The syntax should berequire user valid-user instead of ...   Re: Re: How to create username/password?   
  Jun 28, 2001, 00:56:56
Howdy!Using Redhat 6.2 and Apache httpd ...(1.3?).Can someone send me a Working ...   no pop-up window!   
  Jun 28, 2001, 04:15:02
Ok, I seem to have hit some luck after visitingapachetoday.com. Just submitted a ...   Yes pop-up window!   
  Jun 28, 2001, 04:52:37
 I already install Apache on my NT box and I created file .htaccess in Apache di ...   Re: how do I set username/password on NT   
  Jul 2, 2001, 11:36:52
Forced to authenticate twice,using htaccess to serve documents to valid users. ...   htaccess embedded URL?   
  Jul 2, 2001, 20:56:46
I am getting a 500 internal server error...error log reported the following:[Mon ...   500 Error   
  Jul 2, 2001, 22:00:51
Don&#39;t worry about the name of the file containing your htaccess directives. ...   Re: .htaccess.txt - I can't change the file type!   
  Jul 4, 2001, 10:05:28
How can I modify .htacces so it only protects the files I want it to not the who ...   .HTACCES !!!!!   
  Jul 5, 2001, 21:45:47
I&#39;ve read copious documentation and examples, and cannot get this to work, u ...   RewriteRule does not work as documented   
  Jul 8, 2001, 21:59:02
I&#39;m pretty sure I&#39;ve got my .htaccess and .htpasswd files set correctly, ...   setting up httpd.conf to allow htaccess   
  Jul 10, 2001, 18:38:24
Creo que una excelente idea esto de las listas de correo para temas de esta indo ...   Apoyo su iniciativa....   
  Jul 11, 2001, 17:57:35
 | Try this in your .htaccess file:|| redirect permanent /(directory) (url)|| ex ...   Re: I need help to redirect my domain to a file! [some domains but not others!]   
  Jul 12, 2001, 01:03:03
My former web hosting service provider was taken over by another company. The n ...   Bandwidth Theft   
  Jul 12, 2001, 02:52:23
Hi all of you !It seems to be a really complicated problem to secure pages or di ...   Problems htaccess & WinNT   
  Jul 12, 2001, 06:38:18
I don&#39;t think you can do this from within the .htaccess file, but you could ...   Re: HTACCESS to redirect specific users   
  Jul 24, 2001, 16:57:49
As my .htaccess file is currently set up, if a user mistakenly enters a bad user ...   Multiple Login Rejections   
  Jul 26, 2001, 18:46:30
Is there a way that I can make .htaccess only work for a specific file in a dire ...   Can I make .htaccess for a single file?   
  Jul 29, 2001, 22:50:18
wat should i put in a htaccess if i just want 404 error processing ...   htaccess   
  Aug 1, 2001, 11:59:21
My Application has a tree structure with top 2 branches as A, B.The htaccess fil ...   htaccess group authentication   
  Aug 1, 2001, 21:39:17
Did you get a solution for your problem. I am facing a similar problem too.Let m ...   Re: How htaccess take effect   
  Aug 3, 2001, 11:29:32
is there any way to add Rewrite Rule in .htaccess ...   zope .htaccess   
  Aug 3, 2001, 13:22:48
Hello,I just want to know how you best can hide a directory index. All visitors ...   hiding directory index   
  Aug 4, 2001, 11:39:21
No, you can put an entire nation in the htaccess file if you want to. ...   Re: htaccess   
  Aug 6, 2001, 11:47:25
Can somebody tell me what this message meens?In the error_log (Apache/1.3.19,Uni ...   What meen FDN   
  Aug 8, 2001, 14:24:48
Hi there,I have a problem with a site that is using htaccess authentication. Use ...   htaccess and IE   
  Aug 9, 2001, 08:00:44
I am getting a 500 internal server error...error log reported the following:[Mon ...   please help about 500 Erro!!!   
  Aug 9, 2001, 10:25:31
Hi!Im having Apache on WinNT 5 with a NTFS filesystem.Is there a possibility to ...   How to manage acces   
  Aug 12, 2001, 14:07:56
Thanks for taking a moment to look at this:I&#39;m currently building my first e ...   Storing Credit Card Information Safely   
  Aug 12, 2001, 21:04:41
Hi everybody,I am a newbie in this field. I read a lot about using htaccess and ...   htaccess usage and implementation   
  Aug 13, 2001, 09:17:48
Hmm it seems i have the same error ... well everything works fine: the user/pas ...   Re: What meen FDN   
  Aug 13, 2001, 10:50:45
You&#39;re probably accessing a directory without including the trailing slash a ...   Re: username/password appears twice   
  Aug 13, 2001, 20:33:45
You need to modify the httpd.conf file of the Apache.Put lines like ---AuthName ...   Re: How to create username/password?   
  Aug 14, 2001, 07:34:00
Hi,I need to know how the .htacctss file is written, what is the option to valid ...   .htaccess config   
  Aug 14, 2001, 23:29:33
How do you shut down apache server?What command is needed? ...   how to shut down apache   
  Aug 15, 2001, 16:51:26
Hi, I want to define my include path for my entire www directory to a directory ...   Is it possible to define relative paths in .htaccess?   
  Aug 18, 2001, 22:58:43
 How do you shut down apache server?What command is needed?net stop apachenet st ...   Re: how to shut down apache   
  Aug 19, 2001, 16:25:27
Is there a configuration setting or directive for apache server, that will let m ...   Same username, different passwords   
  Aug 20, 2001, 20:59:24
Is there anyway to get the User Name box in the auth window to be pre-populated? ...   htaccess and User Name   
  Aug 20, 2001, 22:11:20
Please send a message here if anyone finds an answer what that "not a valid FDN" ...   let us know about FDN   
  Aug 21, 2001, 14:50:00
Hi all,I am having problem with .htaccess and SSI. I read that to turn on SSI yo ...   htaccess and SSI   
  Aug 23, 2001, 02:13:23
Hi,In httpd.conf, how to limit access to locations so that it allow one and only ...   Deny,alow: allowing one-and-only-one IP to access   
  Aug 24, 2001, 08:58:55
No matter what I tried, I kept getting an internal server error.But I think that ...   internal server error despite correct directive?   
  Aug 28, 2001, 15:35:37
i need to allow put method.current default config doesnt allow the put method.ho ...   how do you allow put method.   
  Sep 12, 2001, 08:19:16
I am also having the EXACT same problem as you have and I have been searching fo ...   Re: let us know about FDN   
  Sep 14, 2001, 10:04:10
Enter your comments below.
Your Name: Your Email Address:


Subject: CC: [will also send this talkback to an E-Mail address]
Comments:

See our talkback-policy for or guidelines on talkback content.

About Triggers Media Kit Security Triggers Login


All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux 2.2.12, Apache 1.3.9. and PHP 3.14
Copyright INT Media Group, Incorporated All Rights Reserved.
Legal Notices,  Licensing, Reprints, & Permissions,  Privacy Policy.
http://www.internet.com/