I'm trying to follow the instructions on http://www.4webhelp.net/tutorials/misc/htaccess.php in order to create a password file placed outside of the web root and use it in conjunction with .htaccess. The problem I can't solve here is that the AuthUserFile info in .htaccess is supposed to be an absolute path to the server root. I am using a server provided by a web hosting company and I found using <?php echo $_SERVER['DOCUMENT_ROOT']; ?> that the complete path to my web root looks something like /mumbo/jumbo/my_site/public_html where /mumbo/jumbo/ is stuff determined by the web host and, importantly, subject to change without notice. In PHP I can of course generate a path that always is correct using $_SERVER['DOCUMENT_ROOT']. But .htaccess is not written in PHP. Is there a similar way to obtain the server root path upstream of the web root dynamically using the syntax of .htaccess?
From the manual:
File-path is the path to the user file. If it is not absolute, it is
treated as relative to the ServerRoot.
You should give either an absolute path or a relative one to the server root. Neither would solve your problem.
Related
Background
Using Ubuntu with apache2:
In my sites-enabled config I have an Alias command like so:
Alias "/someDir" "/webSiteDir"
It works great.
So, the absolute path of /someDir is actually a "virtual directory" which effectively exists at /var/www/html/someDir. Whereas /webSiteDir actually exists at the root of the Ubuntu box's file system.
Question 1
How would I créate an Alias from one directory in the document root to another directory also in the document root? The manual for Apache specifically says that Alias should be used for redirecting to directories outside the document root. So what should I use if both the "virtual directory" and the actual directory are inside the document root?
Right now, I have it working with the following line:
Alias "/anotherDir" "/var/www/html/thisDir"
That seems quite clunky when the document root is explicitly defined just a few lines up as var/www/html within the very same config.
Should I be using a different command other than Alias for when both directories are under the same document root?
Question 2
How does the apache config even correctly determine the absolute path of different entries?
For example, in the above line:
Alias "/anotherDir" "/var/www/html/thisDir"
/anotherDir is treated as a "virtual directory" under /var/www/html/ but the second part which is /var/www/html/thisDir is treated as an absolute path with regards to the Ubuntu file system.
Ok fine, maybe that is just the syntax of the Alias command, in that the first entry is always relative and the second entry is always absolute.
Well what about the <Directory> attribute?
I have one entry:
<Directory "/">
which seems to refer to the document root of /var/www/html/ - a relative path.
And I also have:
<Directory "/thisDir">
which seems to refer to /var/www/html/thisDir - another relative path
Whereas I have another:
<Directory "/webSiteDir">
which seems to refer to an absolute path in the file system of /webSiteDir.
So, is my config file just messed up, or does apache somehow know when something is a relative path to the document root, or an absolute path from the system root?
Alias does not care much about your documentroot in a sense. That is, just define Alias inside your VirtualHost, first argument is a new virtual path and second is always a filesystem path, can be or it can not be inside the documentroot, Alias does not care or differentiate about it.
So, to question 1.
Always use alias to define virtualpaths, irrespectively where the filesystem is, just use it when you need it.
To question 2.
You have a BIG misunderstanding, Directory ALWAYS specifies a full path in your OS, that is <Directory "/">is / in your OS Filesystem and the same with the rest of your "Directory" examples.
If you wanted to affect a path created with Alias, you would use "Location" or Directory with the full path, and that one is really relative to documentroot.
I need to put something in a directory on my web server that starts with ., i.e. the path would be my.domain/.something/somefile.
However, it seems that my Apache configuration blocks all access to hidden directories.
How do I change the config so that access to this one particular directory is allowed?
The default configuration from the apache.org distribution has no problem serving files from a .something subdirectory of the document root. You'd have to search your own logs and configuration for a problem.
If running any zend application it is recommended to ceate the vhost.
Why is it so?
Although the public part form the url can be removed by copying the index.php and .htaccess file to root of project directory.
Well... yes, technically can just copy index.php and .htaccess to the root of the project directory. However, by doing that you will expose all of your application files to the public.
For example, someone could try to access your config file like this: http://yourhost/yourproject/application/configs/config.ini
This will actually display the content of the config file (which might include sensitive data like your database configuration) unless you explicitly configure something in your .htaccess to prevent this.
When using a vhost with the DocumentRoot set to the public dir, that means that no file outside the public directory will be accessible from an URL. And since you should normally only have the index.php file in there, you ensure that your application is always accessed from that starting point.
I wasn't aware of this, and it is kind of funny; when you name a directory icons in the root of your host, then if you point your browser to host.com/icons, apache does not read from that directory and shows you a listing of Public Domain Icons.
I added an icons directory to the root and placed a key.png file in that directory, yet accessing that image results in 404. I tried to find if/where this has been documented and how it could be turned off. I found nothing. Could someone provide a pointer?
P.S. I am using XAMPP 1.7.3 which basically is a WAMP and has Apache 2.2.14
Edit
Aparently lots of live servers have this turned on and index of /icons could be seen lots of places.
Open this file: %XAMPP_PATH%\apache\conf\extra\httpd-autoindex.conf
and change :
Alias /icons/ "X:/xampp/apache/icons/"
<Directory "X:/xampp/apache/icons/">
to this:
Alias /icons/ "./icons/"
<Directory "./icons/">
Restart your Apache Server.
I'd assume that you have an alias within your httpd.conf.
I'm not familiar with XAMPP's config files or their location (google suggests it's probably in \xampp\apache\conf\httpd.conf) but I'd suggest you're looking for a line like the following:
Alias /icons/ /usr/local/apache/icons/
See http://httpd.apache.org/docs/current/mod/mod_alias.html for more info.
EDIT:
According to XMAPP site, you need to check \xampp\apache\conf\httpd.conf and the extra subfolder.
I would look in either your apache config file (\xampp\apache\conf\httpd.conf) or your .htaccess files and see if there is a redirect going on.
EDIT: I think Grhm is correct in that an Alias is in your config file somewhere, per the XAMPP site:
The main configuration file for Apache. It's including other files from the subdirectory "extra".
See if there is a directory called extra in the \xampp\apache\conf\ directory and then go through the files in there and see if that Alias is present.
I have to add a password protected zone to a site I am working on (using the .htpasswd file). The thing is the whole directory structure it's being pointed at doesn't exist and is created through mod_rewrite.
Will it still work, or does the directory actually have to physically exist on the server?
Clarification:
While I may need to password protect the directory:
http://sitename/category/protected/
mod_rewrite translates this to:
index.php?category=category&directory=protected
So the actual directory does not exist. Is it still protectable?
You can add the access rules to the apache config file (httpd.conf or similar) in a Directory or Location tag instead of adding it in the .htaccess file.
Your rewrite rules will ultimately point to some files in a directory on your system (unless they redirect users to some external location). The authentication setup should be on the underlying directory that will be accessed.