For Linux and Shell scripting.

Leave a comment

Apache: how to disable directory listing

Disable directory listing using httpd.conf:
* Open your httpd.conf and look for “Options Indexes”
* Change “Indexes” to “-Indexes” if it exists.
* Or else add “Options -Indexes” as a new line
* Restart your apache webserver

Disable directory listing using .htaccess:-
* Open your .htacces file and look for “Options Indexes”
* Change “Indexes” to “-Indexes” if it exists.
* Or else add “Options -Indexes” as a new line


Leave a comment

How to Password Protect your Web Pages

If you want to provide password protection for your webpages, follow the steps below:

Create a .htaccess file under the directory (which you want to protect):

To protect the entire directory

AuthName “Restricted Area”
AuthType Basic
AuthUserFile /docroot/<username>/.htpasswd
AuthGroupFile /dev/null
require valid-user

To protect individual files like test.html, testing.html:

AuthName “Restricted Area”
AuthType Basic
AuthUserFile /docroot/<username>/.htpasswd
AuthGroupFile /dev/null
<Files test.html>
require valid-user
<Files testing.html>
require valid-user

docroot/username/.htpasswd is the file where you want to put the username(s) and encrypted password(s).

You can create this “htpasswd” file using the command:

#htpasswd -nb username testpass

This command will give you an output like username:P/X0BsSU.aEKM Put this line to your .htpasswd file.


Introduction to .htaccess

.htaccess Definition.

Apache provides distributed, directory-level, configuration via Hypertext Access files. These .htaccess files enable localized fine-tuning of Apache’s universal system-configuration directives. Localized .htaccess directives must operate from within a file named .htaccess. The user must have appropriate file permissions to access and/or edit the .htaccess file. Further, .htaccess file permissions should never allow world write access — a secure permissions setting is “644”, which allows universal read access and user-only write access. Finally, .htaccess rules apply to the parent directory and all subdirectories. Thus to apply configuration rules to an entire website, place the .htaccess file in the root directory of the site.

Performance Issues
.htaccess directives provide directory-level configuration without requiring access to Apache’s main server configuration file (httpd.conf). However, due to performance and security concerns, the main configuration file should always be used for server directives whenever possible. For example, when a server is configured to process .htaccess directives, Apache must search every directory within the domain and load any and all .htaccess files upon every document request. This results in increased page processing time and thus decreases performance. Such a performance hit may be unnoticeable for sites with light traffic, but becomes a more serious issue for more popular websites. Therefore, .htaccess files should only be used when the main server configuration file is inaccessible.

Regex Character Definitions for htaccess

# instructs the server to ignore the line.
^ denotes beginning of a regular expression.
$ denotes end of a regular expression.
? declares the preceeding character as optional. i.e., it matches zero or one occurence of the

preceding character.
! denotes negation. i.e., “!hello” will match every string other than “hello”.
. a dot indicates any single arbitrary character.
+ matches one or more of the preceding character. e.g., x+ matches one or more x. “+” will

match one or more character of any kind.
* matches zero or more of the preceding character. e.g., you can use “.*” as a wildcard.
| logical “or” operator. for example, (x|y) matches x or y.
\ escapes special characters ( ^ $ ! . * | ).
^$ matches an empty string.
() used to group characters together, thereby considering them as a single unit.
[] specifies a character set, in which any character within the brackets will be a match. e.g., [xyz]

will match either x, y, or z.
[]+ character set in which any combination of items within the brackets will be a match. e.g.,

[xyz]+ will match any number of x’s, y’s, z’s, or any combination of these characters.
[^] specifies not within a character set. e.g., [^xyz] will match any character other than x, y, or z.
[a-z] a dash (-) between two characters within a character set ([]) denotes the range of characters

between them. e.g., [a-zA-Z] matches all lowercase and uppercase letters from a to z.

a{n} specifies how many times the preceeding character should match. e.g., x{3} matches x

exactly 3 times.
a{n,} specifies minimum number of matches for the preceeding character. e.g., x{3,} matches 3 or

more x’s
a{n,m} specifies minimum and maximum number of matches for the preceeding character.
-e tests if the file exists.
-f tests if string is an existing regular file.
-d tests if string is an existing directory.
-s tests if file exists and has a size more than zero.