Computing Facilities, Carnegie Mellon School of Computer Science, Carnegie Mellon University
 

Using .htaccess files

The SCS web servers, like other web servers running Apache web server software, use files named .htaccess (this is the full name of the file, not an extension) to control how the web server can access files in a directory. .htaccess files are plain text files that you can create and edit with any text editor. They contain directives that tell the web server who can access files, along with other optional directives.

.htaccess files apply only to file access by the SCS web servers. They do not restrict access to files via ordinary AFS file access.

How .htaccess files are used by the web server

When a web server tries to access a file in a directory, for example /afs/cs/user/bovik/www/index.html, it checks every directory in the path to that file (including the directory the file is in) for a .htaccess file. If it does not find one, the web server will not be able to access the file. If it finds a .htaccess file, it uses the directives in that file to control access. Note that later .htaccess files (those deeper in the path) override earlier ones. In the example above, a .htaccess file in /afs/cs/user/bovik/www would override a .htaccess file in /afs/cs/user/bovik.

Note: .htaccess files must be readable by the web servers in order for them to work. This means that the directories containing .htaccess files must have a "wwwsrv:http-ftp rl" AFS ACL (or an even more liberal ACL, such as "system:anyuser rl"). See the documentation on special AFS groups for additional information on these groups.

Examples of .htaccess files

The examples below show the complete contents of .htaccess files that have the indicated effects. Be careful when writing .htaccess files. There should be no whitespace between the "deny" and "allow" in the Order line, just a comma.

  • To allow web access of files from anyone:
    Order allow,deny
    allow from all
    
  • To only allow web access from .cs.cmu.edu and .ri.cmu.edu hosts:
    order deny,allow
    deny from all
    allow from .cs.cmu.edu .ri.cmu.edu
    IndexIgnore .htaccess
    
  • To only allow web access from the specific hosts foo.cs.cmu.edu and bar.cs.cmu.edu:
    order deny,allow
    deny from all
    allow from foo.cs.cmu.edu bar.cs.cmu.edu
    IndexIgnore .htaccess
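
The following Python check is an added example, not part of the SCS documentation. It walks the directories in a file's path as described above, reports the deepest .htaccess (the one that takes effect, per this page's description), and flags whitespace around the comma in an Order line. The function names and the temporary directory tree are assumptions constructed for the illustration.

```python
import os
import re
import tempfile

# "order deny, allow" (whitespace at the comma) is the mistake the page warns about.
BAD_ORDER = re.compile(r"^\s*order\s+\w+(\s+,\s*|\s*,\s+)\w+", re.IGNORECASE)

def htaccess_chain(file_path, root):
    """Return the .htaccess files found from root down to file_path's directory."""
    root = os.path.abspath(root)
    rel = os.path.relpath(os.path.dirname(os.path.abspath(file_path)), root)
    if rel == os.pardir or rel.startswith(os.pardir + os.sep):
        raise ValueError("file_path is not under root")
    found, current = [], root
    for part in [""] + [p for p in rel.split(os.sep) if p != "."]:
        current = os.path.join(current, part) if part else current
        candidate = os.path.join(current, ".htaccess")
        if os.path.isfile(candidate):
            found.append(candidate)
    return found

def effective_htaccess(file_path, root):
    """Deepest .htaccess wins; None means no file exists anywhere in the path."""
    chain = htaccess_chain(file_path, root)
    return chain[-1] if chain else None

def lint_order(htaccess_path):
    """Return 1-based line numbers of Order lines with whitespace at the comma."""
    with open(htaccess_path, encoding="utf-8") as fh:
        return [n for n, line in enumerate(fh, 1) if BAD_ORDER.match(line)]

def demo():
    """Build a constructed tree shaped like the page's bovik/www example."""
    with tempfile.TemporaryDirectory() as tmp:
        www = os.path.join(tmp, "bovik", "www")
        os.makedirs(www)
        with open(os.path.join(tmp, "bovik", ".htaccess"), "w") as fh:
            fh.write("Order allow,deny\nallow from all\n")
        with open(os.path.join(www, ".htaccess"), "w") as fh:
            # Constructed mistake: a space after the comma.
            fh.write("order deny, allow\ndeny from all\nallow from .cs.cmu.edu\n")
        winner = effective_htaccess(os.path.join(www, "index.html"), tmp)
        return os.path.relpath(winner, tmp), lint_order(winner)

if __name__ == "__main__":
    print(demo())
```

A result of None from effective_htaccess corresponds to the case above in which the web server will not be able to access the file.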
    

See our documentation on password protecting web pages for examples of how to use .htaccess files to require people to give a password when accessing pages.