个人工具

UbuntuHelp:EnablingUseOfApacheHtaccessFiles

来自Ubuntu中文

Wikibot讨论 | 贡献2007年12月6日 (四) 10:13的版本

跳转至: 导航, 搜索
Geographylogo.png 文章出处: 

https://help.ubuntu.com/community/EnablingUseOfApacheHtaccessFiles

Geographylogo.png 点击翻译: 

English

请不要直接编辑翻译本页,本页将定期与来源同步。

This page was written based on Ubuntu 6.10 (Edgy), although the same may apply to other releases.

By default, Ubuntu's Apache will ignore the directives in your 
.htaccess
files.

When (not) to u
.htaccess
les

According to Apache.org's Apache Tutorial,

"In general, you should never u
.htaccess
les unless you don't have access to the main server configuration file. There is, for example, a prevailing misconception that user authentication should always be done 
.htaccess
les. This is simply not the case. You can put user authentication configurations in the main server configuration, and this is, in fact, the preferred way to do things." 
.htaccess
les should be used in a case where the content providers need to make configuration changes to the server on a per-directory basis, but do not have root access on the server system. In the event that the server administrator is not willing to make frequent configuration changes, it might be desirable to permit individual users to make these changes 
.htaccess
les for themselves." On Ed/X/Ubuntu 6.06 and Ubuntu Edgy Eft, the "main server configuration file" is 
 /etc/apache2/apache2.conf
.

OK, I know it is not recommended -- how do I do it anyway?

To make 
.htaccess
files work as expected, you need to edit 
/etc/apache2/sites-available/default
. Look for a section that looks like this: 
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                # Uncomment this directive is you want to see apache2's
                # default start page (in /apache2-default) when you go to /
                #RedirectMatch ^/$ /apache2-default/
        </Directory>
You need to modify the line containing 
AllowOverride None
to read 
AllowOverride All
. This tells Apache that it's okay to allow .htaccess files to over-ride previous directives. You must reload Apache before this change will have an effect: 
sudo /etc/init.d/apache2 reload
See http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride for more info on 
AllowOverride
.

Password-Protect a Directory With .htaccess

Warning: On at least some versions of Ubuntu, .htaccess files will not work by default. See EnablingUseOfApacheHtaccessFiles for help on enabling them. Create a file called .htaccess in the directory you want to password-protect with the follwing content: 

AuthUserFile /your/path/.htpasswd
AuthName "Authorization Required"
AuthType Basic
require valid-user
instead of 
valid-user
, you can also add the users you want directly

If you want to password protect just a single file in a folder add the following lines to the .htaccess file: 

<Files "mypage.html">
  Require valid-user
</Files>
Then create the file 
/your/path/.htpasswd
which contains the users that are allowed to login and their passwords. We do that with the 
htpasswd
command: 
htpasswd -c /path/to/your/.htpasswd user1
The 
-c
flag is used only when you are creating a new file. After the first time, you will omit the 
-c
flag, when you are adding new users to an already-existing password file. Otherwise you will overwrite the file!!

Nevertheless, you should store the file in as secure a location as possible, with whatever minimum permissions on the file so that the web server itself can read the file.

Finally we need to add the following lines to 
/etc/apache2/apache2.conf
: 
<Directory /your/path>
AllowOverride All
</Directory>
You have to adjust 
/your/path/.htpasswd

Restart your webserver: 

sudo /etc/init.d/apache2 restart

Troubleshooting

If you can't access your stuff and the dialog keeps popping up, check that you entered the username and password correctly. If it still doesn't work, check the path to your 
.htpasswd
and make sure the path specified in the 
AuthUserFile directive
is correct. Also make sure that both the 
.htpasswd
and .htaccess files are readable by the web server user 
chmod 644
should do the trick!

Example

Here is an example on how to prevent users from access the directory, password-protect a specific file and allow userse to view a specific file: 

AuthUserFile /your/path/.htpasswd
AuthName "Authorization Required"
AuthType Basic
Order Allow,Deny
<Files myfile1.html>
 Order Allow,Deny
 require valid-user
</Files>

<Files myfile2.html>
 Order Deny,Allow
</Files>
== Redirect requests using .htaccess a
mod_rewrite

Make sure Apache .htaccess is enabled and the Apache module mod_rewrite is enabled and then you can redirect requests using RewriteRules 

RewriteRule ^x.x$ y.y
取自“https://wiki.ubuntu.org.cn/index.php?title=UbuntuHelp:EnablingUseOfApacheHtaccessFiles&oldid=61600