Carnegie Mellon University School of Computer Science

AFS KB: Using .htaccess files

The SCS Web servers run the Apache 2 Web server. Like other Web servers running Apache, the SCS Web servers use files named .htaccess to control how site visitors can access files in a directory.

Note: The full name of the file is ".htaccess".

These .htaccess files are plain text files that can be created and edited with any text editor. They contain instructions to the Apache Web server concerning who can access files, along with other optional directives. .htaccess files can also be used to prompt a visitor to enter a username and password in order to view the site. .htaccess files control only access through the SCS Web server; they do not restrict access to the same files through AFS.

How .htaccess files are used by the Web server

When the SCS Web servers try to access a file in a directory, they check every directory along the path to that file (including the directory that the file is located in) for an .htaccess file. If an .htaccess file is not located, the Web server will not be able to access the file. If it finds an .htaccess file, it uses the directives in that file to control access.

Note that later .htaccess files override earlier ones. For example, a .htaccess file in /afs/cs/user/example/www/ would override a .htaccess file in /afs/cs/user/example/.

Note: .htaccess files must be readable by the Web servers in order for them to work. This means that the directories containing .htaccess files must have a "wwwsrv:http-ftp rl" AFS ACL (or an even more liberal ACL, such as "system:anyuser rl"). See the AFS groups page for additional information.

Examples of .htaccess files 

Each example below is the complete contents of a .htaccess file that achieves one common objective.

Allow web access of files from anyone 

order allow,deny 
allow from all 


Only allow Web access from Carnegie Mellon hosts 

order deny,allow 
deny from all 
allow from 128.2. 128.237.
IndexIgnore .htaccess 


Only allow Web access from specific hosts foo.cs.cmu.edu and bar.cs.cmu.edu

order deny,allow 
deny from all 
allow from foo.cs.cmu.edu bar.cs.cmu.edu 
IndexIgnore .htaccess 

You can combine the examples above to require both password authentication and that the host accessing the Web pages is connecting from a Carnegie Mellon IP address.

Exercise caution when writing .htaccess files. Improper syntax may result in your Web site failing to load properly.
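
One way to check how the host rules in a .htaccess file evaluate before relying on them is the sketch below. It is an added example, not part of the original page or SCS tooling. It follows Apache's documented Order/Allow/Deny semantics for IPv4 addresses only; the function names and the client addresses are constructed for illustration, and hostname operands are rejected because they would need a DNS lookup.

```python
import ipaddress

# The page's "Carnegie Mellon hosts" example, verbatim.
CMU_ONLY = """order deny,allow
deny from all
allow from 128.2. 128.237.
IndexIgnore .htaccess
"""
# Same rules with the order keyword swapped (constructed mistake).
SWAPPED = CMU_ONLY.replace("order deny,allow", "order allow,deny")

def _matches(spec, client_ip):
    """True if an allow/deny operand covers client_ip (IPv4, no DNS)."""
    if spec.lower() == "all":
        return True
    if "/" in spec:  # network form such as 128.2.0.0/16
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)
    octets = [o for o in spec.split(".") if o]
    if not all(o.isdigit() for o in octets):
        raise ValueError("non-IP operand not handled here: " + spec)
    # Compare whole octets: "128.2." covers 128.2.x.x but not 128.20.x.x.
    return client_ip.split(".")[:len(octets)] == octets

def allowed(htaccess_text, client_ip):
    """Apply Order/Allow/Deny from one .htaccess file to a client address."""
    order, rules = "deny,allow", {"allow": [], "deny": []}  # Apache's default order
    for line in htaccess_text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "order" and len(words) == 2:
            order = words[1].lower()
        elif key in rules and len(words) > 2 and words[1].lower() == "from":
            rules[key] += words[2:]
        # Other directives (IndexIgnore, ...) do not affect host access.
    hit_allow = any(_matches(s, client_ip) for s in rules["allow"])
    hit_deny = any(_matches(s, client_ip) for s in rules["deny"])
    if order == "deny,allow":   # default allow; Allow wins when both match
        return hit_allow or not hit_deny
    if order == "allow,deny":   # default deny; Deny wins when both match
        return hit_allow and not hit_deny
    raise ValueError("unsupported Order value: " + order)

if __name__ == "__main__":
    for ip in ("128.2.10.20", "128.20.10.20", "203.0.113.7"):  # constructed clients
        print(ip, allowed(CMU_ONLY, ip), allowed(SWAPPED, ip))
```

With the order keyword swapped to "allow,deny", the "deny from all" line wins and even on-campus addresses are refused, which is the kind of mistake that makes a site stop loading.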