How to Enable & Set Up .htaccess File on Apache

What is an htaccess File?

The .htaccess file in Apache is a tool that allows configurations at the directory and subdirectory level. Using .htaccess enables you to configure website permissions without altering server configuration files.

This tutorial will show you how to set up and enable htaccess on Apache. Also, it instructs on how to restrict access to specific localizations on the server, manage IP addresses, and redirect traffic.

Prerequisites

• A working Apache web server
• Access to a terminal window/command line
• Access to a user account with sudo privileges
• A text editor, such as Nano, included by default

Step 1: Enable Apache .htaccess

By default, the .htaccess file is not enabled.

1. Open the default host configuration file by entering the following command in the terminal:

sudo nano /etc/apache2/sites-available/default

2. Locate the section labeled <Directory /var/www>.
In that section, change the AllowOverride None entry to all:

AllowOverride All

Save the file and exit.

3. Next, restart the Apache service:

sudo systemctl apache2 restart

Step 2: Create .htaccess File

Like most Linux software packages, Apache functions on configuration files. The .htaccess file is one of these. It works by specifying a setting along with a value.

To create and open the .htaccess file for editing, enter:

sudo nano /var/www/my_website.com/.htaccess

Replace my_website with the name of your actual website. If this file doesn’t exist, your text editor will create it.

Step 3: Restrict Directory Listings

There may be locations on your server that you want to restrict access to. You can do this by creating a list of usernames and passwords that are authorized to have access.

1. Start by creating a new file, .htpasswd in a different directory:

sudo nano /user/safe_location/.htpasswd

Enter a username and password for each user that you want to create. Make sure to use strong passwords, and enter only one username/password pair per line.

Save the file and exit.

2. Next edit .htaccess to enable authentication:

AuthUserFile /user/safe_location/.htpasswd

AuthGroupFile /dev/null

AuthName "Please Enter Password"

AuthType Basic

Require valid-user

Replace /user/safe_location/htpasswd with the location of your choice. Don’t store it in the same directory as your web content, for security reasons.

AuthUserFile – This sets the location for your .htpasswd file.

AuthGroupFile – We’re not using a group, so this is a placeholder.

AuthName – This is the prompt to the user – you may rephrase if you’d like.

AuthType – Type of authentication used – don’t change this.

Require valid-user – Allows any one of several authorized people to log on. You could change this to Require user new_user to restrict access only to someone with the username new_user.

Manage IP Addresses

There are many ways you can manage IP addresses:

1. Allow only specific IPs.
2. Block specific IP addresses.
3. Block visitors by the referrer.

Allow IP Addresses

To allow IP addresses, you can switch the behavior to allow a few designated IP addresses, and block the rest.

Enter the commands:

order deny, allow 

allow from 192.168.0.54

allow from 192.168.0 

Block IP Addresses

To block IP addresses in htaccess, enter: order allow, deny

To block a single IP address, enter this code next: deny from 192.168.0.54

If you leave off the final digit, it will block all IP addresses in the 0 – 255 range:

For Example: deny from 192.168.0

Block Visitors by Referrer

You may want to prevent people from being redirected from a specific site to your server. This might be helpful if you want to isolate traffic patterns. You might also use it if you were getting excess server traffic from a questionable source.

Open the .htaccess file and add the following block:

RewriteEngine on

# Options +FollowSymlinks

RewriteCond %{HTTP_REFERER} blockeddomain/.com [NC]

RewriteRule .* - [F]

The NC option instructs to ignore the upper or lower case so that the rule can’t be bypassed by entering BlockedDomain.com.

If you want to add more domains, note the following:

RewriteEngine on

# Options +FollowSymlinks

RewriteCond %{HTTP_REFERER} blockeddomain/.com [NC,OR]

RewriteCond %{HTTP_REFERER} blockeddomain2/.com

RewriteRule .* - [F]

The OR flag tells the system that you’re not done adding blocked referrers yet. Omit this option on the last entry.

Redirect Traffic

You can use the .htaccess file to redirect traffic.

Open the file and enter the following:

Redirect301/Other_Website.com/index.html/My_Website.com/index.html

This command takes any traffic that’s searching for Other_Website.com and redirects it to My_Website.com.

Set a 404 Page

You can use the .htaccess file to point basic functions to a new location. One example is the 404 page.

1. Open the .htaccess file and enter:

ErrorDocument 404 /404.html

This line tells the system to look at the website’s content directory for a /404.html file as the error page.

2. Create the 404 page using this command:

sudo nano cd /var/www/My_Website.com/public.html/404.html

This should open the 404.html file in your text editor.

3. Next, add the following code:

<!doctype html>

<html>

 <body>

   404 Error: Page not found

 </body&gt;

</html>

This page can now be customized to display any kind of error message you want. You can also customize any other error pages you’d like. Just specify the ErrorDocument number, for example, Error 500 than point .htaccess to the new error.html file that you create.

Conclusion

Enabling .htaccess can be an incredibly valuable tool for managing your Apache web server.

This guide provides basic commands and settings, with some of the most likely scenarios you might encounter.