LAMPdocs: Linux, Apache, MySQL, PHP

We do often meet password protected directories on the Web. This is usually used to hide some information that should not be visible to all site users. Most common is .htaccess protection, that allows you to restrict users at Apache level and is also knows as http authentification. Today I will tell you how to protect your directory using command line.

As usually we need root access to the server and need to go to the folder which is waiting to be protected. First of all we need to create an .htaccess file that should contain the information that authentification is required to access this folder. The most common sample comes below:

AuthGroupFile /dev/null
AuthName “Closed User Group”
AuthType Basic
AuthUserFile /path_to_htpasswd_file/.htpasswd
require valid-user

Usually .htaccess and .htpasswd files are located in the same folder, but you can move .htpasswd anywhere you like: you will just need to point to its absolute location in .htaccess.  Then go to the directory where you’re planning to put your .htpasswd file.

Now we need to have username and password – that’s enough. The following command will create your .htpasswd file with login data so you can use it immediately.

htpasswd -bcm .htpasswd user password

You can read more about this command at Apache Site. But this command will help you to create a password file without any specific knowledge.

Please, note that .htpasswd is just the file name: you’re welcome to store your passwords in the files with any file names, but it would be better if it is started with a dot and if this file is stored in the directory that is not accessible from web.

Sometimes it is useful to use custom error pages on all user domains  (In case of maintenance, new software installation, etc). It’s a pity you are unable to do it for all user domains in Directadmin, just for a single one. But htaccess comes to help us this time.

Go to /home/admin/domains (certainly, replace admin with your username) and create a .htaccess file containing the following code:

ErrorDocument 404 http://google.com

This code will be valid for all domains that are owned by this user, so you don’t need to change your custom error pages one by one.

It’s a pity Directadmin doesn’t have any options for bulk domain options, i.e. bulk domain addiction, bulk DNS modification, etc. Bulk error code setting could also be a nice feature for such a panel and hope it will be realized soon

Often when you’re using shared hosting, there are some problems with directory listing. Server administrators should avoid this as this represents a security hole. But what to do if you don’t have access to httpd conf and need to prevent directory listing? What to do if you have something like this:

A simple string in .htaccess file will save you. Here it is:

IndexIgnore *

In some cases the following string will also work:

Options -Indexes

One of these two solutions will lead you to showing 403 error to the user that tries to look what files are located in your directory. But let me repeat – this is a security hole and you should notify your system administrator about this issue. This is an emergency solution…

Sometimes you need to perform any specific tasks that require nobody accesses the page while it is being edited. There may be some tests, database update or anything else. So your task is to deny access to your site from all ips except yours. Note, that all your site visitors should not be redirected anywhere, but should be shown a message that your site will be available soon, or something in this way. You need to allow access from your IP only and others should be redirected to a specific page of your site. I am going to show you 2 .htaccess solutions:

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^site\.ru
RewriteCond %{REMOTE_ADDR} !^111\.111\.111\.111
RewriteRule ^(.*)$ http://site.com/under_construction.html [L]

The second one is to use 403 page of your site:
Order deny,allow
Allow from 127.0.0.1 111.111.111.111
Deny from all

ErrorDocument 403 /reconstruction.html

You need to replace 111.111.111.111 with your IP and everything should be solved!