I was testing authentication against Active Directory (LDAP) using Apache 2. The following worked for me in a .htaccess file but only after adding:
LDAPVerifyServerCert Off
in the main httpd.conf file. I presume this is related to the server name in the SSL certificate on the Active Directory server.
AuthBasicProvider ldap
AuthzLDAPAuthoritative Off
AuthLDAPURL ldaps://adserver.prefix.tld.co.uk:636/DC=prefix,DC=tld,DC=co,DC=uk?sAMAccountName?sub?(objectClass=user)
AuthLDAPBindDN “CN=someuser,OU=some ou,OU=another unit,OU=department,OU=directorate,OU=Administration,OU=another big unit,DC=prefix,DC=tld,DC=co,DC=uk”
AuthLDAPBindPassword secret
AuthType Basic
AuthName “Protected”
require valid-user
Normal users should then be prompted for a username and password to access the directory and if correct credentials are supplied should be given access to the content.
redirecting-mobile-web-users
Apache Mod_Rewrite
RewriteEngine On
#redirect mobile browser using HTTP_ACCEPT header
RewriteCond %{HTTP_ACCEPT} “text/vnd.wap.wml|application/vnd.wap.xhtml+xml” [NC]
RewriteCond %{HTTP_HOST} “!m.yourmobileurl.com” [NC]
RewriteRule (.*) http://m.yourmobileurl.com/$1 [L]
#some high-end phone sometimes support HTML, only its sucks
#add more browser user agent sig here
RewriteCond %{HTTP_USER_AGENT} (nokia|symbian|iphone|blackberry) [NC]
RewriteCond %{HTTP_HOST} “!m.yourmobileurl.com” [NC]
RewriteRule (.*) http://m.yourmobileurl.com/$1 [L]
2. Wurfl and PHP API
3. Apache Mobile Filter
htaccess-examples
examples
Temporarily take site down for maintenance
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^111\.111\.222\.111
RewriteCond %{REQUEST_URI} !/index.html$
RewriteRule $ /index.html [R=302,L
or
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/oldsite/
RewriteCond %{REMOTE_HOST} !^123\.111\.123\.111
RewriteRule (.*) http://www.thedomain.com/oldsite/$1 [R=301,L]
Redirecting to a New Domain
Options +FollowSymLinks
RewriteEngine on
RewriteRule (.*) http://www.newdomain.com/$1 [R=301,L]
Force https use
RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https://www.thedomain.com/ [R]
or
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
Use a Custom Error Document
ErrorDocument 404 /mynotfound.html
Allowing access only from internal network
order deny,allow
allow from 123.123.
deny from all
Password protecting a directory with htaccess and htpasswd
Enter the following into the .htaccess file:
AuthUserFile /path/to/.htpasswd
AuthName “Restricted Area”
AuthType Basic
Require valid-user
And then create the .htpasswd file with the following:
/usr/local/apache/bin/htpasswd -c .htpasswd theusername
There are also online tools for creating the paswords e.g.:
http://www.htaccesstools.com/htpasswd-generator/
Redirect old address to new domain
Example http://www.domain.co.uk/mysite to http://www.mysite.com
Options +FollowSymLinks
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} ^www.domain.co.uk [NC]
RewriteRule ^(.*)$ http://www.mysite.com/$1 [L,R=301]
Allowing Directory Browsing in single directories with .htaccess
Having a directory full of downloadable files can be useful and although it is generally accepted that allowing directory browsing from within the Apache configuration file might be a bit of a security issue, directory browsing for single directories can be useful and can be achieved using the following in a .htaccess file:
Options +Indexes
DirectoryIndex nonexistantfile.html nonexistantfile.htm
The reason why I have specified the DirectoryIndex as nonexistantfile.html is to ensure that if someone (or script) accidentally copies an index.html file into the directory that it won’t be used and instead the contents of the directory will be listed/browsable. Some Content Management Systems will copy new index.html files into directories even if you don’t want them 😉
.htaccess URL Rewriting
The following tool is useful for generating Rewrite Rules for SEO friendly URL’s in an Apache .htaccess file.
http://www.linkvendor.com/seo-tools/url-rewrite.html
.htaccess referers
I recently needed an intranet website to be protected so that only authorised users could get access to it. Since there is already a part of the website which requires a login and authentication to a directory I had a link placed on this page. The .htaccess file needed to accept referers only from the domain of the authenticated site. Since this new site was a single html page with hundreds of links to PDF files I also needed to add a referer for the HTML page that contained the links. Clear as mud? Yes. OK an example. The following code will not allow connections directly to www.theseconddomain.com .
www.theseconddomain.com can only be accessed by clicking a link on www.thefirstdomain.co.uk that points to www.theseconddomain.com
SetEnvIfNoCase Referer www\.thefirstdomain\.co\.uk good_referer=1
SetEnvIfNoCase Referer www\.theseconddomain\.com/index.html good_referer=1
order allow,deny
allow from env=good_referer
ErrorDocument 403 http://www.thefirstdomain.co.uk/error.htm
Apache Authentication with Active Directory (LDAP)
Good article about this here.
A .htaccess file can be used to protect a directory on an Apache2 server. The code to use is:
AuthType Basic
AuthBasicProvider ldap
AuthUserFile /dev/null
AuthName “Test LDAP”
AuthLDAPURL “ldap://xxxx.ads.tla.co.uk:389/OU=Staff,OU=ORG,dc=ads,dc=tla,dc=co,dc=uk?sAMAccountName?sub?(objectClass=*)”
AuthLDAPBindDN CN=FullDNtoADuser,DC=tld,DC=co,DC=uk
AuthLDAPBindPassword myADpassword
AuthLDAPGroupAttributeIsDN on
require valid-user
The values need to be changed to reflect the Active Directory structure. The most important line appears to be AuthLDAURL which is the LDAP search.
To use Exchange it may be possible to use:
AuthLDAPURL “ldap://ldap.yourdomain.com:389/cn=Recipients,ou=ServerName,o=DomainName?uid?sub?(objectClass=*)“
Recent Comments