==== htaccess for apache ====
\\
.htaccess allows for management of webserver configuration and can be used for things link: specifying protecting of a location, protecting wp-admin login for wordpress and configuring mod_rewrites. To use the .htaccess file you will need to allow the file the ability to override all. This will need to be configured in the apache config file or the vhost itself. \\
If you change the apache configuration file then this will allow it for all vhosts created. If you allow the .htaccess in a vhost config file then it will only work for that specific vhost.
You may have to uncomment the section in the **/etc/httpd/conf/httpd.conf** file. The section looks similar to:
# AllowOverride controls what directives may be placed in .htaccess files
# It can be “All”, “None”, or any combination of the keywords:
# Options FileInfo AuthConfig Limit
AllowOverride All
The vhost will need **AllowOverride All** placed in a similar location to:
AllowOverride controls what directives may be placed in .htaccess files.
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
\\
=== Basic http File Protection (authentication) ===
This example shows the file being used to protect the specific file that admins use to log into the wordpress site (wp-login.php), you can change this to what ever file you wish to protect. Add this section to the file:
AuthUserFile /var/www/html/.htpasswd
AuthType Basic
AuthName "hello"
Require valid-user
\\
=== Document Path Protection (authentication) ===
AuthName "Private"
AuthType Basic
AuthUserFile /var/www/html/.htpasswd
Require valid-user
\\
=== Mod_rewrite apache ===
Mod_rewrite needs to be used for wordpress sites if you wish to change the shortlink. For example this page has the address of: http://lukeslinuxlessons.co.uk/004-htaccess/
Without the mod rewrite the page may be numbered something like page-10 rather than the title of the page. Add the following code to add mod_rewrite:
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
\\
==== .htpassword ====
You should avoid having this file in the same document as the .htaccess. It is better to have this in the directory below the .htaccess (e.g /var/www/html/ rather than **/var/www/html/LukesLinuxLessons.co.uk/**
In this file you will have the user list and the hashed password that will be used to authenticate and be granted access to the password protected area.
You can use an online generator to produce the .htpasswd username and hashed password or you can do it via the command line.
== Command Line Example ==
Change the path below to where you wish to store the password file
htpasswd -c /var/www/.htpass username
**Example:**
lukeshirnia:$apr1$w9Kl3$7UO9dsadqfNWkXufX.j8/
webdeveloper:dhaNI0w8ajGTUskliasun(U*&HKks/
\\
=== phpMyAdmin .htaccess ===
To password protect phpMyAdmin you should edit /etc/httpd/conf.d/phpMyAdmin. In this file you should then add the following code:
AuthType Basic
AuthName "Enter account information"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
AuthUserFile – this should reference the .htaccess password file you have set up previously