Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Htaccess Cheatsheet

Requre HTTP Basic Auth

This is the most common thing that one may need an htaccess file. Implementing a really basic username/password around a site so that you can't see any of it unless you plug in the details. This also works well for APIs though too.

AuthType Basic
AuthName "Protected Directory"
AuthUserFile "/var/www/my-site/.htpasswd"
Require valid-user

That would require a .htpasswd file at /var/www/my-site though, so don't forget to put one there, and make sure that is not a public area in your apache config.

Allow Certain Folders

If you want to block all folder except certain ones, read my post on Htaccess - Require Auth For Everywhere Except Whitelist.

Htpasswd

The htpasswd file can be used to list all the users and their hashed passwords, that should have access to the site. There should be one line for each user. E.g.

user1:$2y$05$5WwxMM7hsG0J4gbfQty1BOPO7xYp7NiGT3iq4TlnTRB7sZJDn49pa
user2:$2y$05$/ofEZc3e0w82TFLuIcptiuv9ifyUtFlk1cmV5logDYDabRlZEvBdC
user3:$2y$05$ozer.xrEfhWbnyJgzFgtS..XMip2cZeNasg6s3VNW9uwKlDXwBZsS

Even if two users have the same password, the password hash will look different (unless you literally copy/pasted them, which would be dumb).

To generate a line for a new user in the file, run the following script (swapping out the variables).

USERNAME="myUsername"
PASSWORD="myPassword"

htpasswd -Bbn $USERNAME $PASSWORD

Redirect To Index.php Except Existing Files

If you are using a PHP framework that implements a routing engine, you may wish for Apache to route all requests to index.php unless its for a file that already exists (e.g. a Javascript script file, or an image).

This is as easy as:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ public/index.php [QSA,L]

Don't forget that you will need to enable the rewriting module in Apache with sudo a2enmod rewrite

Last updated: 13th February 2021
First published: 12th February 2021