01.08.2023

How to create and customize .htaccess?

Introduction

We can't imagine modern world without online marketplace, store, search engine, messengers and all precious component of WEB, which allowed us to communicate more faster. But new features bring us also new vulnerabilities and details which we need to proceed and rapidly react. For that options we need single panel for control server it's htaccess!

Configuring web servers via configuration files is a common and comfortable practice for several reasons:

Overall, configuration files provide a straightforward and effective way to manage web servers, granting administrators control and customization options for optimizing server performance and security to meet their specific needs.


Requirements

Installation:

First of all step in this guide begin at the update and upgrade whole system, for that type in the CLI command below:

apt update && apt upgrade -y

Screenshot №1 — Update OS

If you already have Apache webserver then you can skip that step of installation and go ahead, but if you don't prepare a server — enter that command below and make sure that you have needed package:

apt list | grep apache2

Screenshot №2 — Package list

After that if we find our package like at the picture above, then install web-server, it run automatically and start their service:

apt install apache2

Screenshot №3 — Installation apache2

After installing Apache2, it will be automatically launched, and its configuration files will be located in different places depending on your OS. In that web server we use httpd.conf (or apache2.conf on some systems) configuration file for setup global parameters. Reminder! Htaccess we use for override some rules of proceed client query and optimize our server reply.

Ensuring that your web server permits the usage of .htaccess files is crucial. To achieve this, verify that the AllowOverride directive is enabled in the primary Apache2 configuration file (httpd.conf or apache2.conf). Change value AllowOverride to All:

nano ./etc/apache2/apache2.conf

Screenshot №4 — Change value

If you can't find needed directory then use command below:

cd / && find ./ -name apache2.conf && find ./ -name httpd.conf

Screenshot №5 — Find config

By enabling AllowOverride, you grant the server the ability to interpret directives specified in .htaccess files located in your website's directories. This allows for more flexible and customized configurations at the directory level, enhancing the overall functionality and security of your web server.

On the default settings configuration hierarchy:

Screenshot №6 — Hierarchy of files

The arrangement of Apache files can vary based on the operating system and the method of installation. However, below is the general organization commonly used in most installations:

Now we can configure htaccess file, which is override extension for our currently configuration. All changes and values of that file will affect on the config in result. Let's demonstrate how that work on the ordinary configuration.

At first, you need to enable override function and indicate DocumentRoot in virtualhost configuration for that enter in CLI:

mkdir /etc/site-for-test
nano /etc/apache2/sites-available/000-default.conf

Screenshot №7 — Virtual host config

Change parameter ServerName for your self domain and AllowOverride to value All. Reminder! You need have on the DNS panel control accordance record, that indicate Public IP of your server! Change DocumentRoot for your work directory with pages and files of needed site. In that case we create site-for-test directory. Next, create your first simple page or if you use your own web-site then skip this step:

nano /etc/site-for-test/index.html

Screenshot №8 — Firts page

<! DOCTYPE html>
<html>
<head>
<title>TEST</title>
</head>
<body>
<h1>Hi, that test htaccess file!</h1>
</body>
</html>

The content of your page may be with another config and structure, but sense has been saved. Let's create in the same folder .htaccess file which build logic chain between html and user action. Create file:

nano /etc/site-for-test/.htaccess
RewriteEngine On
RewriteRule "hello$ index.html [L]

Screenshot №9 — Override config

That configuration by the syntax RewriteEngine On enable module rewrite on the server and on the next raw rebuild rule which literally assigned with html page and attribute [L] means last rule fo execute and follow instructions will ignored. For properly work we need to enable rewrite module which include to apache2 package and restart service:

sudo a2enmod rewrite && systemctl restart apache2

Screenshot №10 — Additional step

Let's check result of our actions:

Screenshot №11 — Main page

Check URL our site:

Screenshot №12 — URL page

Access control

Consider popular example of .htaccess usage. The .htaccess file serves as a powerful configuration tool that can control access to the files, folders and whole directories of the your web-sites!

Order: This command determines the sequence in which directives are executed. It establishes the precedence of subsequent directives, regardless of their arrangement within the file.

Deny: By using this directive, you can disallow access to a particular directory from specified addresses or IP addresses.

Allow: Conversely, this directive permits access to the directory solely from the specified addresses or IP addresses.

By employing these commands, you can easily tailor access to specific resources on your web server. For instance, you can utilize .htaccess to restrict access to sensitive information within a designated folder or grant access exclusively to specific IP addresses, thereby enhancing security and exercising control over your website's resources. Open the .htaccess file which we create before and enter that config additional to the previous syntax.

Order allow,deny
Allow 95.141.86.46

That config determine process access to the folder on the server, therefore allow access exclusively for our IP. You need to change that value to your network address! In the result we can see Forbidden flag to login into the site from another IP address:

Screenshot №13 — Forbidden

Indexes restrict

To enhance security, you can prevent directory listing in Apache web server. By default, if no index.html or specified file is found in a directory, Apache displays a list of all files present in that directory. To disable this feature and restrict directory listing, apply the following configuration:

Options -Indexes

Not found — 404

To redirect visitors to a 404 page (the "Not Found" page) when the requested page is missing, you can implement the following code:

nano /etc/site-for-test/error404.html

Enter the following content into the file:

<!DOCTYPE html>
<html>
<head>
<title>Page Not Found - 404 Error</title>
</head>
<h1>
<body>404 Page not found!</body>
</h1>
</html>

Then add to a config .htaccess and finished set up:

ErrorDocument 404 /error404.html

Screenshot №14 — Not found

Redirection

Create html page as we consider in previous step and make target file to redirect:

nano /etc/site-for-test/targeturl.html

To achieve the redirection from "/hello" to "/target" with a 301 (permanent) redirect, you can use the following RewriteRule in your .htaccess file:

RewriteRule ^hello$ /target [R=301,L]
RewriteRule ^hello$ index.html
RewriteRule ^target$ targeturl.html

RewriteEngine On: This enables the RewriteEngine, allowing the use of rewrite rules in the .htaccess file.

RewriteRule ^hello$ /target [R=301,L]: This rule matches requests to "/hello" (the "^" denotes the start and "$" denotes the end of the URL) and redirects them to "/target" using a 301 (permanent) redirect. The "R=301" flag indicates a permanent redirect, and the "L" flag indicates that this is the last rule to be executed.

With this configuration, any request to "/hello" will be redirected to "/target" with a 301 status code, meaning it will be a permanent redirect. Other rules present in the .htaccess file after this one will not be executed due to the "L" flag.

Screenshot №15 — Redirection

Conclusion

The .htaccess file is a powerful tool for controlling access to resources on a web server. It offers web administrators the ability to define the execution order of directives, block access from specific IP addresses or addresses using the "Deny" directive, and grant access only to specified locations with the "Allow" directive. This provides administrators with the flexibility to customize access control, ensuring security and precise control over server resources.

Moreover, the .htaccess file serves other important purposes as well. It can manage indexes, preventing directory listings and thus enhancing security by not exposing sensitive files. Additionally, it can handle 404 (Not Found) errors, allowing administrators to redirect visitors to a custom error page when a requested page is missing or unavailable.

Furthermore, the "RewriteRule" directive within the .htaccess file enables powerful redirection capabilities. Web administrators can use this directive to perform URL redirections, directing visitors from one URL to another. This can be useful for creating user-friendly URLs, implementing permanent or temporary redirects, or managing website structure changes.

In summary, the .htaccess file is a versatile and indispensable tool for web server configuration. It provides control over access, security, error handling, and URL redirection, making it an essential component for optimizing and customizing a web server to meet specific website or application requirements.