Htaccess Guide

htaccess is a very ancient configuration file that controls the Web Server running your website, and is one of the most powerful configuration files you will ever come across. .htaccess has the ability to control access of the WWW‘s HyperText Transfer Protocol (HTTP) using Password Protection, 301 Redirects, rewrites, and much much more. This is… Read More Htaccess Guide

New in Apache HTTP Server 2.4 – Authorization, FCGI Proxy, and Mod_SSL

The authorization container directives <RequireAll>, <RequireAny> and <RequireNone> may be combined with each other and with the Require directive to express complex authorization logic.

The example below expresses the following authorization logic. In order to access the resource, the user must either be the superadmin user, or belong to both the admins group and the Administrators LDAP group and either belong to the sales group or have the LDAP dept attribute sales. Furthermore, in order to access the resource, the user must not belong to either the temps group or the LDAP group Temporary Employees.

<Directory /www/mydocs>



Require user superadmin

Require group admins
Require ldap-group cn=Administrators,o=Airius

Require group sales
Require ldap-attribute dept="sales"




Require group temps
Require ldap-group cn=Temporary Employees,o=Airius



Read More New in Apache HTTP Server 2.4 – Authorization, FCGI Proxy, and Mod_SSL

Allowing or Blocking based on Country with .htaccess

Redirection with mod_geoip and mod_rewrite
Below are examples of how to perform redirection based on country with mod_geoip and mod_rewrite. This configuration should be added to your Apache httpd.conf or .htaccess file.

GeoIPEnable On
GeoIPDBFile /path/to/GeoIP.dat

# Redirect one country
RewriteEngine on
RewriteRule ^(.*)$$1 [L]

# Redirect multiple countries to a single page
RewriteEngine on
RewriteRule ^(.*)$$1 [L]

Read More Allowing or Blocking based on Country with .htaccess

X-Content-Type-Options: nosniff header

Over the past two months, we’ve received significant community feedback that using a new attribute on the Content-Type header would create a deployment headache for server operators. To that end, we have converted this option into a full-fledged HTTP response header. Sending the new X-Content-Type-Options response header with the value nosniff will prevent Internet Explorer from MIME-sniffing a response away from the declared content-type.

For example, given the following HTTP-response:

HTTP/1.1 200 OK
Content-Length: 108
Date: Thu, 26 Jun 2008 22:06:28 GMT
Content-Type: text/plain;
X-Content-Type-Options: nosniff

This page renders as HTML source code (text) in IE8.

Read More X-Content-Type-Options: nosniff header