Blog

August 1, 2011
|

How to secure apache using .htaccess

.htaccess is used to protect directories within apache. In order to enable it, do the following

  • Backup httpd.conf (etc/httpd/conf/)
  • If not enabled, enable

;LoadModule rewrite_module modules/mod_rewrite.so
to
LoadModule rewrite_module modules/mod_rewrite.so

  • We need to change the AllowOverride directive from

<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Satisfy all
</Directory>
to

<Directory />
Options FollowSymLinks
AllowOverride All
Order deny,allow
Deny from all
Satisfy all
</Directory>

  • There might be more than one location within httpd.conf for AllowOverride. Make sure to change all locations.
  • Save httpd.conf
  • Then create .htaccess files under various www folders

AuthUserFile /dev/null

AuthGroupFile /dev/null

AuthName "Web Access Control"

AuthType Basic

<LIMIT GET>

order deny,allow

deny from all

allow from 192.168

allow from aa.bb.cc.dd.ee

</LIMIT>

 

  • Restart Apache

/etc/rc.d/initd/httpd configtest

/etc/rc.d/initid/httpd restart

Tags: ,