Carnegie Mellon University School of Computer Science

Using .htaccess files in AFS

The SCS Web servers run the Apache 2 Web server. Like other Web servers running Apache, the SCS Web servers use files named .htaccess to control how site visitors can access files in a directory.

Note: The full name of the file is ".htaccess".

These .htaccess files are plain text files that can be created and edited with any text editor. These files contain instructions to the Apache Web server concerning who can access files along with other optional directives. .htaccess files can also be used to prompt a visitor to enter a username and password in order to view the site. Only file access by the SCS Web server is controlled by .htaccess files; they do not restrict access to files via AFS file access.

How .htaccess files are used by the Web server

When the SCS Web servers try to access a file in a directory, they check every directory along the path to that file (including the directory that the file is located in) for an .htaccess file. If an .htaccess file is not located, the Web server will not be able to access the file. If it finds an .htaccess file, it uses the directives in that file to control access.

Note that later .htaccess files override earlier ones. For example, an .htaccess file in /afs/cs/user/example/www/ would override an .htaccess file in /afs/cs/user/example/.

Note: .htaccess files must be readable by the web servers in order for them to work. This means that the directories containing .htaccess files must have an wwwsrv:http-ftp rl AFS ACL (or an even more liberal ACL, such as system:anyuser rl). See the AFS groups page for additional information.

Exercise caution when writing .htaccess files. Improper syntax may result in your Website failing to load properly.

Examples of .htaccess files 

The examples below contain the complete contents of an .htaccess file that would achieve one of many common objectives.  You may combine them to build an .htaccess file to provide for the functionality of each example.

Index Page Behavior

The index.html file is the default page displayed for a SCS website directory. You may chose an alternative filename to serve as the main page for a directory using DirectoryIndex. The webserver will display a directory listing of all files and sub-directories when no index page is present. You may use IndexIgnore to control this behavior. 

Change the site index page to a specific filename to home.html
DirectoryIndex home.html
Hide directory listing of all files and sub-directories (no index page present)
IndexIgnore *
Hide directory listing of specific files or subdirectories (no index page present)
IndexIgnore .htaccess images about.html

Restrict Access to Web Content

Content may be restricted to individuals with Andrew or SCS accounts. This will require authentication through the familiar Web Login page.

Use this Shibboleth method as an alternative for content restriction instead of host allow or deny methods. The common method of allowing and denying access to content based on hostnames or IP addresses does not currently work with our server configurations. This functionality may be available in the future. 

Use Shibboleth password protection for any Andrew or SCS user account
AuthType Shibboleth
ShibRequestSetting requireSession 1
ShibRequestSetting redirectToSSL 443
Require valid-user