I was testing authentication against Active Directory (LDAP) using Apache 2. The following worked for me in a .htaccess file but only after adding:<\/p>\n
\u00a0\u00a0\u00a0 LDAPVerifyServerCert Off<\/p>\n
in the main httpd.conf file. I presume this is related to the server name in the SSL certificate on the Active Directory server.<\/p>\n
\u00a0\u00a0\u00a0 AuthBasicProvider ldap
\u00a0\u00a0\u00a0 AuthzLDAPAuthoritative Off
\u00a0\u00a0\u00a0 AuthLDAPURL ldaps:\/\/adserver.prefix.tld.co.uk:636\/DC=prefix,DC=tld,DC=co,DC=uk?sAMAccountName?sub?(objectClass=user)
\u00a0\u00a0\u00a0 AuthLDAPBindDN \u201cCN=someuser,OU=some ou,OU=another unit,OU=department,OU=directorate,OU=Administration,OU=another big unit,DC=prefix,DC=tld,DC=co,DC=uk\u201d
\u00a0\u00a0\u00a0 AuthLDAPBindPassword secret
\u00a0\u00a0\u00a0 AuthType Basic
\u00a0\u00a0\u00a0 AuthName \u201cProtected\u201d
\u00a0\u00a0\u00a0 require valid-user<\/p>\n
Normal users should then be prompted for a username and password to access the directory and if correct credentials are supplied should be given access to the content.<\/p>\n
redirecting-mobile-web-users<\/p>\n
Apache Mod_Rewrite<\/p>\n
\u00a0\u00a0\u00a0 RewriteEngine On
\u00a0\u00a0\u00a0 #redirect mobile browser using HTTP_ACCEPT header
\u00a0\u00a0\u00a0 RewriteCond %{HTTP_ACCEPT} “text\/vnd.wap.wml|application\/vnd.wap.xhtml+xml” [NC]
\u00a0\u00a0\u00a0 RewriteCond %{HTTP_HOST} “!m.yourmobileurl.com” [NC]
\u00a0\u00a0\u00a0 RewriteRule (.*) http:\/\/m.yourmobileurl.com\/$1 [L]
\u00a0\u00a0\u00a0 #some high-end phone sometimes support HTML, only its sucks
\u00a0\u00a0\u00a0 #add more browser user agent sig here
\u00a0\u00a0\u00a0 RewriteCond %{HTTP_USER_AGENT} (nokia|symbian|iphone|blackberry) [NC]
\u00a0\u00a0\u00a0 RewriteCond %{HTTP_HOST} “!m.yourmobileurl.com” [NC]
\u00a0\u00a0\u00a0 RewriteRule (.*) http:\/\/m.yourmobileurl.com\/$1 [L]<\/p>\n
2. Wurfl and PHP API<\/p>\n
3. Apache Mobile Filter<\/p>\n
htaccess-examples<\/p>\n
examples<\/p>\n
Temporarily take site down for maintenance<\/p>\n
\u00a0\u00a0\u00a0 Options +FollowSymlinks
\u00a0\u00a0\u00a0 RewriteEngine on
\u00a0\u00a0\u00a0 RewriteCond %{REMOTE_ADDR} !^111\\.111\\.222\\.111
\u00a0\u00a0\u00a0 RewriteCond %{REQUEST_URI} !\/index.html$
\u00a0\u00a0\u00a0 RewriteRule $ \/index.html [R=302,L<\/p>\n
or<\/p>\n
\u00a0\u00a0\u00a0 Options +FollowSymlinks
\u00a0\u00a0\u00a0 RewriteEngine on
\u00a0\u00a0\u00a0 RewriteCond %{REQUEST_URI} !^\/oldsite\/
\u00a0\u00a0\u00a0 RewriteCond %{REMOTE_HOST} !^123\\.111\\.123\\.111
\u00a0\u00a0\u00a0 RewriteRule (.*) http:\/\/www.thedomain.com\/oldsite\/$1 [R=301,L]<\/p>\n
<\/p>\n
Redirecting to a New Domain<\/p>\n
\u00a0\u00a0\u00a0 Options +FollowSymLinks
\u00a0\u00a0\u00a0 RewriteEngine on
\u00a0\u00a0\u00a0 RewriteRule (.*) http:\/\/www.newdomain.com\/$1 [R=301,L]<\/p>\n
Force https use<\/p>\n
\u00a0\u00a0\u00a0 RewriteEngine On
\u00a0\u00a0\u00a0 RewriteCond %{SERVER_PORT} !443
\u00a0\u00a0\u00a0 RewriteRule (.*) https:\/\/www.thedomain.com\/ [R]<\/p>\n
or<\/p>\n
\u00a0\u00a0\u00a0 RewriteEngine On
\u00a0\u00a0\u00a0 RewriteCond %{SERVER_PORT} !^443$
\u00a0\u00a0\u00a0 RewriteRule ^.*$ https:\/\/%{SERVER_NAME}%{REQUEST_URI} [L,R]<\/p>\n
Use a Custom Error Document<\/p>\n
\u00a0\u00a0\u00a0 ErrorDocument 404 \/mynotfound.html<\/p>\n
Allowing access only from internal network<\/p>\n
\u00a0\u00a0\u00a0 order deny,allow
\u00a0\u00a0\u00a0 allow from 123.123.
\u00a0\u00a0\u00a0 deny from all<\/p>\n
Password protecting a directory with htaccess and htpasswd
Enter the following into the .htaccess file:<\/p>\n
\u00a0\u00a0\u00a0 AuthUserFile \/path\/to\/.htpasswd
\u00a0\u00a0\u00a0 AuthName \u201cRestricted Area\u201d
\u00a0\u00a0\u00a0 AuthType Basic
\u00a0\u00a0\u00a0 Require valid-user<\/p>\n
And then create the .htpasswd file with the following:<\/p>\n
\u00a0\u00a0\u00a0 \/usr\/local\/apache\/bin\/htpasswd -c .htpasswd theusername<\/p>\n
There are also online tools for creating the paswords e.g.:
http:\/\/www.htaccesstools.com\/htpasswd-generator\/
Redirect old address to new domain
Example http:\/\/www.domain.co.uk\/mysite to http:\/\/www.mysite.com<\/p>\n
\u00a0\u00a0\u00a0 Options +FollowSymLinks
\u00a0\u00a0\u00a0 RewriteEngine on
\u00a0\u00a0\u00a0 RewriteBase \/
\u00a0\u00a0\u00a0 RewriteCond %{HTTP_HOST} ^www.domain.co.uk [NC]
\u00a0\u00a0\u00a0 RewriteRule ^(.*)$ http:\/\/www.mysite.com\/$1 [L,R=301]<\/p>\n
Allowing Directory Browsing in single directories with .htaccess
Having a directory full of downloadable files can be useful and although it is generally accepted that allowing directory browsing from within the Apache configuration file might be a bit of a security issue, directory browsing for single directories can be useful and can be achieved using the following in a .htaccess file:<\/p>\n
\u00a0\u00a0\u00a0 Options +Indexes
\u00a0\u00a0\u00a0 DirectoryIndex nonexistantfile.html nonexistantfile.htm<\/p>\n
The reason why I have specified the DirectoryIndex as nonexistantfile.html is to ensure that if someone (or script) accidentally copies an index.html file into the directory that it won\u2019t be used and instead the contents of the directory will be listed\/browsable. Some Content Management Systems will copy new index.html files into directories even if you don\u2019t want them \ud83d\ude09<\/p>\n
.htaccess URL Rewriting
The following tool is useful for generating Rewrite Rules for SEO friendly URL\u2019s in an Apache .htaccess file.
http:\/\/www.linkvendor.com\/seo-tools\/url-rewrite.html<\/p>\n
.htaccess referers
I recently needed an intranet website to be protected so that only authorised users could get access to it. Since there is already a part of the website which requires a login and authentication to a directory I had a link placed on this page. The .htaccess file needed to accept referers only from the domain of the authenticated site. Since this new site was a single html page with hundreds of links to PDF files I also needed to add a referer for the HTML page that contained the links. Clear as mud? Yes. OK an example. The following code will not allow connections directly to www.theseconddomain.com .
www.theseconddomain.com can only be accessed by clicking a link on www.thefirstdomain.co.uk that points to www.theseconddomain.com<\/p>\n
\u00a0\u00a0\u00a0 SetEnvIfNoCase Referer www\\.thefirstdomain\\.co\\.uk good_referer=1
\u00a0\u00a0\u00a0 SetEnvIfNoCase Referer www\\.theseconddomain\\.com\/index.html good_referer=1
\u00a0\u00a0\u00a0 order allow,deny
\u00a0\u00a0\u00a0 allow from env=good_referer
\u00a0\u00a0\u00a0 ErrorDocument 403 http:\/\/www.thefirstdomain.co.uk\/error.htm<\/p>\n
Apache Authentication with Active Directory (LDAP)
Good article about this here.<\/p>\n
A .htaccess file can be used to protect a directory on an Apache2 server. The code to use is:<\/p>\n
\u00a0\u00a0\u00a0 AuthType Basic
\u00a0\u00a0\u00a0 AuthBasicProvider ldap
\u00a0\u00a0\u00a0 AuthUserFile \/dev\/null
\u00a0\u00a0\u00a0 AuthName \u201cTest LDAP\u201d
\u00a0\u00a0\u00a0 AuthLDAPURL \u201cldap:\/\/xxxx.ads.tla.co.uk:389\/OU=Staff,OU=ORG,dc=ads,dc=tla,dc=co,dc=uk?sAMAccountName?sub?(objectClass=*)\u201d
\u00a0\u00a0\u00a0 AuthLDAPBindDN CN=FullDNtoADuser,DC=tld,DC=co,DC=uk
\u00a0\u00a0\u00a0 AuthLDAPBindPassword myADpassword
\u00a0\u00a0\u00a0 AuthLDAPGroupAttributeIsDN on
\u00a0\u00a0\u00a0 require valid-user<\/p>\n
The values need to be changed to reflect the Active Directory structure. The most important line appears to be AuthLDAURL which is the LDAP search.<\/p>\n
To use Exchange it may be possible to use:<\/p>\n
\u00a0\u00a0\u00a0 AuthLDAPURL \u201cldap:\/\/ldap.yourdomain.com:389\/cn=Recipients,ou=ServerName,o=DomainName?uid?sub?(objectClass=*)\u201c<\/p>\n","protected":false},"excerpt":{"rendered":"
I was testing authentication against Active Directory (LDAP) using Apache 2. The following worked for me in a .htaccess file but only after adding:<\/p>\n
LDAPVerifyServerCert Off<\/p>\n
in the main httpd.conf file. I presume this is related to the server name in the SSL certificate on the Active Directory server.<\/p>\n
AuthBasicProvider ldap AuthzLDAPAuthoritative Off […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/1525"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1525"}],"version-history":[{"count":4,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/1525\/revisions"}],"predecessor-version":[{"id":1529,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/1525\/revisions\/1529"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1525"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1525"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1525"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}