htaccess-examples

I was testing authentication against Active Directory (LDAP) using Apache 2. The following worked for me in a .htaccess file but only after adding:

    LDAPVerifyServerCert Off

in the main httpd.conf file. I presume this is related to the server name in the SSL certificate on the Active Directory server.

    AuthBasicProvider ldap
    AuthzLDAPAuthoritative Off
    AuthLDAPURL ldaps://adserver.prefix.tld.co.uk:636/DC=prefix,DC=tld,DC=co,DC=uk?sAMAccountName?sub?(objectClass=user)
    AuthLDAPBindDN "CN=someuser,OU=some ou,OU=another unit,OU=department,OU=directorate,OU=Administration,OU=another big unit,DC=prefix,DC=tld,DC=co,DC=uk"
    AuthLDAPBindPassword secret
    AuthType Basic
    AuthName "Protected"
    require valid-user

Normal users should then be prompted for a username and password to access the directory and if correct credentials are supplied should be given access to the content.

redirecting-mobile-web-users

1. Apache Mod_Rewrite

    RewriteEngine On
    # redirect mobile browsers using the HTTP_ACCEPT header
    # (dots and the plus sign are escaped so the MIME types match literally)
    RewriteCond %{HTTP_ACCEPT} "text/vnd\.wap\.wml|application/vnd\.wap\.xhtml\+xml" [NC]
    RewriteCond %{HTTP_HOST} "!m.yourmobileurl.com" [NC]
    RewriteRule (.*) http://m.yourmobileurl.com/$1 [L]
    # some high-end phones support HTML, but render it poorly
    # add more browser user-agent signatures here
    RewriteCond %{HTTP_USER_AGENT} (nokia|symbian|iphone|blackberry) [NC]
    RewriteCond %{HTTP_HOST} "!m.yourmobileurl.com" [NC]
    RewriteRule (.*) http://m.yourmobileurl.com/$1 [L]

2. Wurfl and PHP API

3. Apache Mobile Filter

htaccess-examples

examples

Temporarily take site down for maintenance

    Options +FollowSymlinks
    RewriteEngine on
    RewriteCond %{REMOTE_ADDR} !^111\.111\.222\.111
    RewriteCond %{REQUEST_URI} !/index.html$
    RewriteRule $ /index.html [R=302,L]

or

    Options +FollowSymlinks
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/oldsite/
    # REMOTE_ADDR is always the client IP; REMOTE_HOST can be a resolved host name
    RewriteCond %{REMOTE_ADDR} !^123\.111\.123\.111
    RewriteRule (.*) http://www.thedomain.com/oldsite/$1 [R=301,L]

 

Redirecting to a New Domain

    Options +FollowSymLinks
    RewriteEngine on
    RewriteRule (.*) http://www.newdomain.com/$1 [R=301,L]

Force https use

    RewriteEngine On
    RewriteCond %{SERVER_PORT} !443
    RewriteRule (.*) https://www.thedomain.com/ [R]

or

    RewriteEngine On
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Use a Custom Error Document

    ErrorDocument 404 /mynotfound.html

Allowing access only from internal network

    order deny,allow
    allow from 123.123.
    deny from all

Password protecting a directory with htaccess and htpasswd
Enter the following into the .htaccess file:

    AuthUserFile /path/to/.htpasswd
    AuthName "Restricted Area"
    AuthType Basic
    Require valid-user

And then create the .htpasswd file with the following:

    /usr/local/apache/bin/htpasswd -c .htpasswd theusername

There are also online tools for creating the passwords, e.g.:
http://www.htaccesstools.com/htpasswd-generator/

Redirect old address to new domain
Example: http://www.domain.co.uk/mysite to http://www.mysite.com

    Options +FollowSymLinks
    RewriteEngine on
    RewriteBase /
    RewriteCond %{HTTP_HOST} ^www.domain.co.uk [NC]
    RewriteRule ^(.*)$ http://www.mysite.com/$1 [L,R=301]

Allowing Directory Browsing in single directories with .htaccess
Having a directory full of downloadable files can be useful and although it is generally accepted that allowing directory browsing from within the Apache configuration file might be a bit of a security issue, directory browsing for single directories can be useful and can be achieved using the following in a .htaccess file:

    Options +Indexes
    DirectoryIndex nonexistantfile.html nonexistantfile.htm

The reason why I have specified the DirectoryIndex as nonexistantfile.html is to ensure that if someone (or script) accidentally copies an index.html file into the directory that it won’t be used and instead the contents of the directory will be listed/browsable. Some Content Management Systems will copy new index.html files into directories even if you don’t want them 😉

.htaccess URL Rewriting
The following tool is useful for generating Rewrite Rules for SEO-friendly URLs in an Apache .htaccess file.
http://www.linkvendor.com/seo-tools/url-rewrite.html

.htaccess referers
I recently needed an intranet website to be protected so that only authorised users could get access to it. Since there is already a part of the website which requires a login and authentication to a directory I had a link placed on this page. The .htaccess file needed to accept referers only from the domain of the authenticated site. Since this new site was a single html page with hundreds of links to PDF files I also needed to add a referer for the HTML page that contained the links. Clear as mud? Yes. OK an example. The following code will not allow connections directly to www.theseconddomain.com.
www.theseconddomain.com can only be accessed by clicking a link on www.thefirstdomain.co.uk that points to www.theseconddomain.com

    SetEnvIfNoCase Referer www\.thefirstdomain\.co\.uk good_referer=1
    SetEnvIfNoCase Referer www\.theseconddomain\.com/index.html good_referer=1
    order allow,deny
    allow from env=good_referer
    ErrorDocument 403 http://www.thefirstdomain.co.uk/error.htm
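
An added example, not part of the original post: the same referer gate in Apache 2.4 syntax, with the patterns anchored to the scheme and host, and combined with the Basic authentication block from the htpasswd section. The Referer header is supplied by the client, so the gate is kept as a convenience check and the password requirement does the actual access control. The `.htpasswd` path and realm name are the placeholders used elsewhere on this page.

```apache
# .htaccess for www.theseconddomain.com (Apache 2.4: mod_setenvif, mod_authz_core)

# Anchor each pattern at the start of the header so the domain has to be the
# Referer's host, not just a substring somewhere in the URL.
SetEnvIfNoCase Referer "^https?://www\.thefirstdomain\.co\.uk/" good_referer=1
# The index page that links to the PDFs; an optional query string is allowed.
SetEnvIfNoCase Referer "^https?://www\.theseconddomain\.com/index\.html(\?.*)?$" good_referer=1

# Real authentication (same directives as the htpasswd example on this page).
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /path/to/.htpasswd

# Both conditions must hold: an accepted Referer AND a valid login.
<RequireAll>
    Require env good_referer
    Require valid-user
</RequireAll>

ErrorDocument 403 http://www.thefirstdomain.co.uk/error.htm
```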

Apache Authentication with Active Directory (LDAP)
Good article about this here.

A .htaccess file can be used to protect a directory on an Apache2 server. The code to use is:

    AuthType Basic
    AuthBasicProvider ldap
    AuthUserFile /dev/null
    AuthName "Test LDAP"
    AuthLDAPURL "ldap://xxxx.ads.tla.co.uk:389/OU=Staff,OU=ORG,dc=ads,dc=tla,dc=co,dc=uk?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN CN=FullDNtoADuser,DC=tld,DC=co,DC=uk
    AuthLDAPBindPassword myADpassword
    AuthLDAPGroupAttributeIsDN on
    require valid-user

The values need to be changed to reflect the Active Directory structure. The most important line appears to be AuthLDAPURL, which is the LDAP search.

To use Exchange it may be possible to use:

    AuthLDAPURL "ldap://ldap.yourdomain.com:389/cn=Recipients,ou=ServerName,o=DomainName?uid?sub?(objectClass=*)"
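
An added example, not part of the original posts, that applies to both LDAP configurations on this page (the `ldaps://` one that needed `LDAPVerifyServerCert Off` and the plain `ldap://` one on port 389): keep certificate verification on and give mod_ldap the CA that issued the domain controller's certificate. It assumes Apache 2.4; the CA file path is a placeholder, and the host name, base DN and bind account are the sample values from the first post.

```apache
# ---- httpd.conf (server config; these two directives are not valid in .htaccess) ----
# Trust the CA that signed the Active Directory server's certificate.
# Placeholder path: export the issuing CA certificate as PEM and point to it here.
LDAPTrustedGlobalCert CA_BASE64 /path/to/ad-issuing-ca.pem
# Verify the LDAP server's certificate (this is also the default).
LDAPVerifyServerCert On

# ---- .htaccess in the protected directory ----
AuthType Basic
AuthName "Protected"
AuthBasicProvider ldap
# ldaps:// on 636 encrypts the service account bind and every user's password
# between Apache and the directory server. Use a host name that the server's
# certificate was issued for, otherwise verification fails.
AuthLDAPURL "ldaps://adserver.prefix.tld.co.uk:636/DC=prefix,DC=tld,DC=co,DC=uk?sAMAccountName?sub?(objectClass=user)"
# Service account used for the search; give it read-only rights in the directory.
AuthLDAPBindDN "CN=someuser,OU=some ou,OU=another unit,OU=department,OU=directorate,OU=Administration,OU=another big unit,DC=prefix,DC=tld,DC=co,DC=uk"
AuthLDAPBindPassword secret
Require valid-user
```

Basic authentication sends the user's password with every request, so the protected directory itself should only be reachable over HTTPS (see the "Force https use" rules above).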
