LAMPdocs: Linux, Apache, MySQL, PHP

Sometimes it is useful to use custom error pages on all user domains  (In case of maintenance, new software installation, etc). It’s a pity you are unable to do it for all user domains in Directadmin, just for a single one. But htaccess comes to help us this time.

Go to /home/admin/domains (certainly, replace admin with your username) and create a .htaccess file containing the following code:

ErrorDocument 404 http://google.com

This code will be valid for all domains that are owned by this user, so you don’t need to change your custom error pages one by one.

It’s a pity Directadmin doesn’t have any options for bulk domain options, i.e. bulk domain addiction, bulk DNS modification, etc. Bulk error code setting could also be a nice feature for such a panel and hope it will be realized soon

Often when you’re using shared hosting, there are some problems with directory listing. Server administrators should avoid this as this represents a security hole. But what to do if you don’t have access to httpd conf and need to prevent directory listing? What to do if you have something like this:

A simple string in .htaccess file will save you. Here it is:

IndexIgnore *

In some cases the following string will also work:

Options -Indexes

One of these two solutions will lead you to showing 403 error to the user that tries to look what files are located in your directory. But let me repeat - this is a security hole and you should notify your system administrator about this issue. This is an emergency solution…

Sometimes you need to perform any specific tasks that require nobody accesses the page while it is being edited. There may be some tests, database update or anything else. So your task is to deny access to your site from all ips except yours. Note, that all your site visitors should not be redirected anywhere, but should be shown a message that your site will be available soon, or something in this way. You need to allow access from your IP only and others should be redirected to a specific page of your site. I am going to show you 2 .htaccess solutions:

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^site\.ru
RewriteCond %{REMOTE_ADDR} !^111\.111\.111\.111
RewriteRule ^(.*)$ http://site.com/under_construction.html [L]

The second one is to use 403 page of your site:
Order deny,allow
Allow from 127.0.0.1 111.111.111.111
Deny from all

ErrorDocument 403 /reconstruction.html

You need to replace 111.111.111.111 with your IP and everything should be solved!

Sometimes we need to close access to cerain file types. We often deny directory listings and think that’s enough. But even if the files will not appear in directory indexes this will not imply that access to the files will be denied and if a remote user knows the exact location of the file, he will still be able to access the file from a browser. How can someone find out about the location of the private file? Well this doesn’t really matter too much, but he might see paths, or files, shown in a warning messages, or anything else.
So if there are ’special files’ that you want to not be served in any case to remote users then you will have to deny access to them.

In order to achieve this we will be using the standard apache module mod_access that will allow us to define rules for various contexts (<Directory>, <Files>, and <Location> sections). In this case we will be interested in the <Files> section.
Allow/Deny Directive in <Files>

Your apache might contain in the default configuration (or at least it would be nice) a configuration similar to the following one that will deny access from the browser to .htaccess files:

<Files ~ "^\.htaccess">
Order allow,deny
Deny from all
</Files>

Let’s see how we can deny access to several files; let’s consider that we want to deny access to all files with the extension .inc (includes in our php application). In order to achieve this we will add the following configuration lines in the appropriate context (either global config, or vhost/directory, or from .htaccess):

<Files ~ "\.inc$">
Order allow,deny
Deny from all
</Files>

Similar to this we can deny access to whatever files we might need. This does not refer to folder protection, it works just for defined file types. You can protect a directory from being viewed using Directadmin Ditectory Password protection page.