How to Disable Directory Browsing on Apache

Posted on February 11, 2026 by Damon Luong

Disabling Directory Browsing in the Main Configuration File

It’s simple to disable directory browsing in the Apache main configuration file by changing the Options directive to make sure the Indexes option is disabled. This directive determines how directories behave in a number of ways, such as whether directory browsing is permitted. By modifying the primary Apache configuration file, you can turn off directory browsing as follows:

  1. Depending on your operating system, the primary Apache configuration file is normally found in one of the following directories:
    • Debian/Ubuntu

/etc/apache2/apache2.conf

    • CentOS/RHEL

/etc/httpd/conf/httpd.conf

  1. Make a backup on the configuration file above by running the command below.

sudo cp -rp /etc/apache2/apache2.conf /etc/apache2/apache2.conf.backup

  1. Open the file and edit it with a text editor such as Vim or Nano.

nano /etc/apache2/apache2.conf

  1. Find the Directory Configuration Block. There are multiple blocks in the configuration file. These blocks specify configurations for particular server folders. The root directory is the highest-level directory on the server, and the settings in the block are applicable to it. Look for a block that is similar to the following:
    Image4
    Within this block look for the line that contains Options (box in red).  It may include the Indexes option, which enables directory browsing.
  1. Remove the Indexes option from the Options directive to disable the directory browsing. This is how the modified directive should appear.
    Image2
  2. Save and exit on the editor.  For changes to take effect, restart the Apache service. Run the command below.
    • Debian/Ubuntu

sudo systemctl restart apache2

    • Centos/RHEL

sudo systemctl restart httpd

  1. Verify that directory browsing has been disabled in order to validate the modifications. Then, use a web browser to access a directory on the server without an index file. Users should get a “403 Forbidden” response instead of a directory listing, indicating that directory browsing is no longer permitted.

Disabling Directory Browsing in Virtual Host Files

With Apache, different websites may be operated even on WordPress hosting; each with its own configuration, on a single server by using virtual hosts. One can change the configuration in the virtual host files to prevent directory browsing for particular websites or virtual hosts. Here’s how to make this happen:

  1. Depending on your operating system, the primary Apache configuration file is normally found in one of the following directories:
    • Debian/Ubuntu

/etc/apache2/sites-available/

    • CentOS/RHEL

/etc/httpd/conf.d/

or

/etc/httpd/sites-available/

  1. Every virtual host will have a configuration file of its own, usually called example.com.conf or after the domain or website it serves. Make a backup on the configuration file above by running the command below.

sudo cp  /etc/apache2/sites-available/example.com.conf  /etc/apache2/sites-available/example.com.conf.backup

  1. Open the file above and edit it with a text editor such as Vim or Nano.

nano /etc/apache2/sites-available/example.com.conf

  1. Find the Directory Configuration Block. There are multiple blocks in the configuration file. These blocks specify configurations for particular server folders. The root directory is the highest-level directory on the server, and the settings in the block are applicable to it. Look for a block that is similar to the following:
    Image3
    Within this block look for the line that contains Options (box in red).  it may include the Indexes option, which enables directory browsing.
  2. Remove the Indexes option from the Options directive to disable the directory browsing. This is how the modified directive should appear.
    Image7
  3. Save and exit on the editor.  For changes to take effect, restart the Apache service. Run the command below.
    • Debian/Ubuntu

sudo systemctl restart apache2

    • Centos/RHEL

sudo systemctl restart httpd

  1. Verify that directory browsing has been disabled in order to validate the modifications. Then, use a web browser to access a directory on the server without an index file. Users should get a “403 Forbidden” response instead of a directory listing, indicating that directory browsing is no longer permitted.

Disabling Directory Browsing Using .htaccess Files

With Apache, the.htaccess file is a strong configuration tool that lets users change server settings for individual directories. One can change or create a.htaccess file in the directory where they wish to apply this setting if they don’t have access to the main Apache configuration file or if they want to block directory browsing for a particular directory. Using a.htaccess file, users can prevent directory browsing as follows:

  1. To disable directory browsing, navigate to the desired directory. This could be any subdirectory inside the site itself or the document root of the website (/var/www/example.com, for example).

cd /var/www/example.com

  1. If there’s already a .htaccess file in the directory, one can edit it with a text editor. Otherwise, one can make a fresh .htaccess file

sudo nano .htaccess

  1. Add the line below on the file then save and exit.

Options -Indexes

  1. Apache needs to be set up to permit .htaccess overrides in the appropriate directory in order for the .htaccess file to function. The AllowOverride directive in the virtual host or Apache configuration files controls this. Verify that the virtual host file or directory block in the Apache configuration permits overrides, as shown below.
    Image6
  2. Verify that directory browsing has been disabled in order to validate the modifications. Then, use a web browser to access a directory on the server without an index file. Users should get a “403 Forbidden” response instead of a directory listing, indicating that directory browsing is no longer permitted.

Troubleshooting Common Issues

Although it is usually simple to disable directory browsing on Apache, there are certain issues that make the setup not work as intended. Users can solve typical problems while deactivating directory browsing on Apache by checking the list of solutions provided below.

  1. Directory browsing remains enabled even after making changes to the. htaccess file or Apache settings. To make the modifications take effect, make sure to restart the Apache server. Use the command that is right for your operating system.
    • Debian/Ubuntu

sudo systemctl restart apache2

    • CentOS/RHEL

sudo systemctl restart httpd

  1. Check to see if the Apache user is allowed to view the modified configuration files or the .htaccess file. These files may not be readable by Apache due to incorrect file permissions. Perform the following if issue has been encountered.

sudo chmod 644 /path/to/.htaccess

    • Debian/Ubuntu

sudo chown www-data:www-data /path/to/.htaccess  

    • CentOS/RHEL

sudo chown apache:apache /path/to/.htaccess

  1. Users get a “403 Forbidden” error for all requests after disabling directory browsing, even when trying to access files that are supposed to be available. To enable Apache to serve files, make sure the directory permissions are set appropriately. Run the command to fix it.

sudo chmod 755 /var/www/example.com

  1. Make sure the AllowOverride directive in the Apache configuration is set to All, or at the very least, to allow the Options directive, especially if users are using a.htaccess file.
    Image6
  2. After changing the configuration to deactivate directory browsing, Apache either fails to start or restarts with issues. Before restarting Apache, run a syntax check on the configuration files to identify any errors.

sudo apachectl configtest

  1. For more details on the reason why Apache is not starting, review the Apache error logs.
    • Debian/Ubuntu

sudo tail -f /var/log/apache2/error.log 

    • CentOS/RHEL

sudo tail -f /var/log/httpd/error_log

CONCLUSION

One of the most important things one can do to secure the web server is to disable directory browsing on Apache. The directories’ contents can be kept hidden from unauthorized users, lowering the possibility of vulnerable information and sensitive data being exposed. Using.htaccess files, virtual host file adjustments, and changes to the main Apache configuration file are some of the methods available to stop directory browsing. There is flexibility in each option based on the server configuration and access level. Knowing how to limit directory browsing at different levels is important for those who oversee a single site or a number of virtual hosts. It guarantees that the server is safe and properly setup. Even though the procedure is normally simple, be ready to troubleshoot common problems to make sure the modifications are implemented correctly, such as wrong permissions, conflicting setups, or syntax errors. These actions will help to safeguard information, improve the security of the Apache server, and give users a safer environment. Maintaining a strong and secure online infrastructure includes routinely checking and updating the server’s settings, as well as turning off pointless functions like directory browsing.

Posted in apache, centOS, IIS, My Linux, ubuntu | Comments Off on How to Disable Directory Browsing on Apache

How to Install Apache on CentOS

Posted on February 10, 2026 by Damon Luong

The Apache web server is the most widely used platform for deploying HTTP-based services. Its popularity is due to its support for dynamically loadable modules, compatibility with various file formats, and integration with other software tools.

Prerequisites

To install the Apache HTTP server following this guide, you will need:

  • A local computer or a cloud server with CentOS 9 installed
  • A user with sudo privileges or root
  • Enabled firewalld

If you’re looking for a reliable, high-performance, and budget-friendly solution for your workflows, Hostman has you covered with Linux VPS Hosting options, including Debian VPSUbuntu VPS, and VPS CentOS.

Step 1: Install Apache

The Apache package is available in the official CentOS repository, so you can install it using dnf.

First, update the package list:

sudo dnf update -y

Run the following command to install Apache:

sudo dnf install httpd -y

The package manager will install the Apache web server and all necessary dependencies on CentOS.

Step 2: Configuring the Firewall

To operate the web server, you’ll need to configure the firewall to allow HTTP and HTTPS traffic:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https

After running these commands, restart the firewall to apply the new rules:

sudo firewall-cmd --reload

The Apache installation is now complete, and you can start the web server and check its functionality.

Step 3: Checking the HTTP Server

Once installed, Apache isn’t running yet, so you need to enable and start it using these commands:

sudo systemctl enable httpd
sudo systemctl start httpd

To verify if the Apache service has started, use this command:

sudo systemctl status httpd

If the web server is running correctly, you should see a message showing the status as active (running):

● httpd.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: disabled)
     Active: active (running) since Thu 2024-11-07 07:34:27 GMT; 6s ago

Another way to check is to open the server’s IP address in a browser:

http://your_server_ip

You can find your server’s IP on the server’s Dashboard or in an email received after setting up the server.

Step 4: Managing the Apache Service

Now, you can try some systemctl commands for interacting with the Apache service. 

For example, to stop the HTTP server, use:

sudo systemctl stop httpd

To start it again, use:

sudo systemctl start httpd

For a complete restart, such as when applying configuration changes:

sudo systemctl restart httpd

To reload Apache without interrupting active connections, use:

sudo systemctl reload httpd

We enabled Apache to start automatically when the server boots. If you prefer to disable this option, run:

sudo systemctl disable httpd

These commands allow you to manage the Apache process easily.

Step 5: Setting Up Virtual Hosts

The default Apache HTTP server configuration allows for hosting only one site. However, you can set up virtual hosts to host multiple sites with separate resources.

Virtual hosts in Apache work similarly to those in Nginx. They allow you to separate configurations and host multiple domains on a single virtual or physical server. In this guide, we’ll use a placeholder site called example.com. When configuring, replace it with your actual domain.

  1. Create the html directory for example.com:
sudo mkdir -p /var/www/example.com/html
  1. Create a directory for log files:
sudo mkdir -p /var/www/example.com/log
  1. Set permissions for the html directory. Assign ownership to the $USER environment variable.
sudo chown -R $USER:$USER /var/www/example.com/html
  1. Verify standard permissions for the root directory:
sudo chmod -R 755 /var/www
  1. Create an index.html file. You can use any code editor to create this file. For example, with vi:
sudo vi /var/www/example.com/html/index.html

Add simple content to the file:

<html>
  <head>
    <title>Welcome to Example.com!</title>
  </head>
  <body>
    <h1>Success! The example.com virtual host is working!</h1>
  </body>
</html>

After saving index.html, you’re nearly ready to set up the configuration files for each domain. These files will tell Apache how to handle requests for each virtual host.

  1. Create directories for virtual host configurations. The configuration files for individual domains are stored in a sites-available directory, while the sites-enabled directory will contain symbolic links to sites that are ready to receive traffic:
sudo mkdir /etc/httpd/sites-available /etc/httpd/sites-enabled

Now, you need to instruct the HTTP server to find virtual hosts in the sites-enabled directory. To do this, modify the main Apache configuration file by running the following command:

sudo vi /etc/httpd/conf/httpd.conf

Then, move the cursor to the very end of the file and add the following lines:

# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
IncludeOptional sites-enabled/*.conf

Now, it’s time to create the virtual host configuration file:

sudo vi /etc/httpd/sites-available/example.com.conf

In this file, add the following configuration:

<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /var/www/example.com/html
    ErrorLog /var/www/example.com/log/error.log
    CustomLog /var/www/example.com/log/requests.log combined
</VirtualHost>

Make sure to replace example.com with your actual domain name. This configuration tells the web server where to find the site’s root directory and where to store the error and access logs.

After saving and closing the file, you need to activate the virtual host by creating a symbolic link for the domain in the sites-enabled directory:

sudo ln -s /etc/httpd/sites-available/example.com.conf /etc/httpd/sites-enabled/example.com.conf

At this point, the configuration is complete, and the host is ready to function. However, before restarting the web server, it’s a good idea to check if the SELinux module is correctly handling requests.

Step 6: Configuring Permissions in SELinux

The SELinux (Security-Enhanced Linux) module enhances the operating system’s security. CentOS comes with a preconfigured SELinux package that works with Apache. However, since we’ve made changes, starting the web server services might result in an error. To resolve this, you need to adjust SELinux policies for Apache. There are two ways to adjust these policies: a universal approach and a folder-specific approach.

Option 1: Universal Approach

This method allows the SELinux security module to use any Apache processes via the httpd_unified boolean variable. It’s convenient but doesn’t allow separate policies for individual directories and files. To enable the universal policy, run:

sudo setsebool -P httpd_unified 1

The setsebool command is used to modify boolean values, and the -P flag ensures that the change is persistent across reboots. In this case, the httpd_unified boolean is activated with the value 1.

Option 2: Adjusting SELinux Policies for Specific Directories

This approach requires more steps but allows for more granular control over permissions for each directory or file. You’ll need to specify the context type for each new folder manually. For example, to check the parameters of the /var/www/example.com/log directory, run:

sudo ls -dlZ /var/www/example.com/log/

You’ll see something like this:

drwxr-xr-x. 2 root root unconfined_u:object_r:httpd_sys_content_t:s0 6 Nov 07 09:01 /var/www/example.com/log/

You can see that the context used is httpd_sys_content_t, meaning Apache can only read files placed in this folder. To change the context to httpd_log_t so that the web server can write to log files, run:

sudo semanage fcontext -a -t httpd_log_t "/var/www/example.com/log(/.*)?"

This command will set the correct context for the log directory and its contents, allowing Apache to write log entries.

Apply the changes using the following command:

sudo restorecon -R -v /var/www/example.com/log

The -R flag allows the command to run recursively, updating existing files, and the -v flag will display the changes being made. You should see an output like this:

Relabeled /var/www/example.com/log from unconfined_u:object_r:httpd_sys_content_t:s0 to unconfined_u:object_r:httpd_log_t:s0

If you want to verify that the context type has been updated, check the current status again:

sudo ls -dlZ /var/www/example.com/log/

The output should look like this:

drwxr-xr-x. 2 root root unconfined_u:object_r:httpd_log_t:s0 6 Nov 07 09:01 /var/www/example.com/log/

Step 7: Testing the Virtual Host

After adjusting the SELinux permissions, the Apache server should now be able to write data to the /var/www/example.com/log directory. Let’s restart the Apache service:

sudo systemctl restart httpd

Next, list the contents of the /var/www/example.com/log directory to verify that the system has created the log files:

ls -lZ /var/www/example.com/log

You should see output similar to this:

-rw-r--r--. 1 root root system_u:object_r:httpd_log_t:s0 0 Nov 07 09:06 error.log
-rw-r--r--. 1 root root system_u:object_r:httpd_log_t:s0 0 Nov 07 09:06 requests.log

The first line confirms the existence of the error.log file, and the second confirms the presence of the requests.log file.

Now, you can check the functionality of the domain through a browser. You should see a message like:

Success! The example.com virtual host is working

This confirms that the virtual host has been successfully set up and is serving content. Repeat steps 5 and 6 for each new site, replacing the domain with the appropriate one.

Conclusion

In this tutorial, we’ve walked through installing and configuring Apache on CentOS 9, including setting up virtual hosts for multiple domains. We covered installation with dnf, configuring firewall rules, enabling Apache to start on boot, and managing its service using systemctl. We also explored SELinux configuration for proper permissions, ensuring Apache can read and write log files. With these steps, you’ll have a functional web server ready to host sites and deploy content

Posted in apache, centOS, IIS | Comments Off on How to Install Apache on CentOS

creating redirects in an .htaccess file

Posted on February 27, 2024 by Damon Luong

Common uses of .htaccess file

The .htaccess file has several use cases. The most common examples include:

  • Redirections for certain URLs
  • Load custom error pages, like 404 pages
  • Force your website to HTTPS instead of HTTP
  • Allow or deny specific IP addresses access to your website
  • Password-protect certain directories on your server

When not to use .htaccess?

The .htaccess file is commonly used when you don’t have access to the main server configuration file httpd.conf or virtual host configuration, which only happens if you have purchased shared hosting. You can achieve all of the above-mentioned use cases by editing the main server configuration file(s) (e.g., httpd.conf) or virtual host configuration files, so you should not use .htaccess when you have access to those files. Any configuration that you need to put in a .htaccess file can just as effectively be added in a <Directory> section in your main server or virtual host configuration files.

Reasons to avoid using .htaccess

There are two reasons to avoid the use of .htaccess files. Let’s take a closer look at them.

First: Performance – When AllowOverride is set to allow the use of .htaccess files, httpd will look for .htaccess files in every directory starting from the parent directory. This will cause a performance impact, whether you’re using it or not. The .htaccess file is loaded every time a document is requested from a directory.

To have a full view of the directives that it must apply, httpd will always look for .htaccess files starting with the parent directory until it reaches the target sub-directory. If a file is requested from directory /public_html/test_web/contenthttpd must look for the following files:

  • /.htaccess
  • /public_html/.htaccess
  • /public_html/test_web/.htaccess
  • /public_html/test_web/content/.htaccess

So, four file-system accesses were performed for each file access from a sub-directory content even if the file is not present.

Second: Security – granting users permission to make changes in .htaccess files gives them full control over the server configuration of that particular website or virtual host. Any directive in the .htaccess file has the same effect as any placed in the httpd configuration file itself, and changes made to this file are live instantly without a need to restart the server. This can become risky in terms of the security of a webserver and a website.

Enable the .htaccess file

To enable the .htaccess file, you need to have sudo/root privileges on the server.

Open the httpd configuration file of your website:

/etc/httpd/conf/test.conf

You should add the following configuration directive in the server’s virtual host file to allow the .htaccess file in the DocumentRoot directory. If the following lines are not added, the .htaccess file will not work:

</VirtualHost>
<Directory /var/www/test.com/public_html>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

In the case of shared hosting, this is already allowed by the hosting service providers. All you need to do is to create a .htaccess file in the public_html directory to which the service provider has given you access and to which you will upload your website files.

Redirect URLs

If your goal is to simply redirect one URL to another, the Redirect directive is the best option you can use. Whenever a request comes from a client on an old URL, it forwards it to a new URL at a new location.

If you want to do a complete redirect to a different domain, you can set the following:

# Redirect to a different domain
Redirect 301 "/service" "https://newdomain.com/service"

If you just want to redirect an old URL to a new URL on the same host:

# Redirect to a URL on the same domain or host
Redirect 301 "/old_url.html" "/new_url.html"
Load a custom 404 Error page

For a better user experience, load a custom error page when any of the links on your website point to the wrong location or the document has been deleted.

To create a custom 404 page, simply create a web page that will work as a 404 page and then add the following code to your .htaccess file:

ErrorDocument 404 /error/pagenotfound.html

You should change /error/pagenotfound.html to the location of your 404 page.

Force the use of HTTPS instead of HTTP for your website

If you want to force your website to use HTTPS, you need to use the RewriteEngine module in the .htaccess file. First of all, you need to turn on the RewriteEngine module in the .htaccess file and then specify the conditions you want to check. If those conditions are satisfied, then you apply rules to those conditions.

The following code snippet rewrites all the requests to HTTPS:

# Turn on the rewrite engine
RewriteEngine On

# Force HTTPS and WWW
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [OR,NC]
RewriteCond %{https} off  
RewriteRule ^(.*)$ https://www.test-website.com/$1 [R=301,L]

Let’s go through each line.

RewriteEngine on turns on the RewriteEngine module. This is required; otherwise, conditions and rules won’t work.

The first condition checks if www is entered. [OR, NC] stands for no case, which means even if the entered URL has a mix of upper or lowercase case letters.

Next, it checks if the HTTPS protocol was already entered by the user. %{https} off means that HTTPS protocol was not used.

When the RewriteCond is satisfied, we use RewriteRule to redirect the URL to HTTPS. Note that in this case, all URLs will be redirected to HTTPS whenever any request is made.

[ A free guide from Red Hat: 5 steps to automate your business. ] 

Wrap up

Website owners often use the .htaccess file to control the behavior of their website. In this article, we have covered the basics of the .htaccess file and some common use cases in place on most of the websites.

Posted in centOS, My Linux, ubuntu | Comments Off on creating redirects in an .htaccess file

How to Enable & Set Up .htaccess File on Apache

Posted on February 26, 2024 by Damon Luong

What is an htaccess File?

The .htaccess file in Apache is a tool that allows configurations at the directory and subdirectory level. Using .htaccess enables you to configure website permissions without altering server configuration files.

This tutorial will show you how to set up and enable htaccess on Apache. Also, it instructs on how to restrict access to specific localizations on the server, manage IP addresses, and redirect traffic.

How to Enable and Set Up .htaccess File on Apache Guide

Note: If you do not have Apache on your system, you can find a step-by-step instruction guide on installing Apache on Ubuntu.

Prerequisites

  • A working Apache web server
  • Access to a terminal window/command line
  • Access to a user account with sudo privileges
  • A text editor, such as Nano, included by default

Step 1: Enable Apache .htaccess

By default, the .htaccess file is not enabled.

1. Open the default host configuration file by entering the following command in the terminal:

sudo nano /etc/apache2/sites-available/default

2. Locate the section labeled <Directory /var/www>.
In that section, change the AllowOverride None entry to all:

AllowOverride All

htaccess AllowOverride All command

Save the file and exit.

3. Next, restart the Apache service:

sudo systemctl apache2 restart

Step 2: Create .htaccess File

Like most Linux software packages, Apache functions on configuration files. The .htaccess file is one of these. It works by specifying a setting along with a value.

To create and open the .htaccess file for editing, enter:

sudo nano /var/www/my_website.com/.htaccess

Replace my_website with the name of your actual website. If this file doesn’t exist, your text editor will create it.

Step 3: Restrict Directory Listings

There may be locations on your server that you want to restrict access to. You can do this by creating a list of usernames and passwords that are authorized to have access.

1. Start by creating a new file, .htpasswd in a different directory:

sudo nano /user/safe_location/.htpasswd

Enter a username and password for each user that you want to create. Make sure to use strong passwords, and enter only one username/password pair per line.

Save the file and exit.

2. Next edit .htaccess to enable authentication:

AuthUserFile /user/safe_location/.htpasswd

AuthGroupFile /dev/null

AuthName "Please Enter Password"

AuthType Basic

Require valid-user
restrict directory listing in apache wit htaccess

Replace /user/safe_location/htpasswd with the location of your choice. Don’t store it in the same directory as your web content, for security reasons.

AuthUserFile – This sets the location for your .htpasswd file.

AuthGroupFile – We’re not using a group, so this is a placeholder.

AuthName – This is the prompt to the user – you may rephrase if you’d like.

AuthType – Type of authentication used – don’t change this.

Require valid-user – Allows any one of several authorized people to log on. You could change this to Require user new_user to restrict access only to someone with the username new_user.

Manage IP Addresses

There are many ways you can manage IP addresses:

  1. Allow only specific IPs.
  2. Block specific IP addresses.
  3. Block visitors by the referrer.

Allow IP Addresses

To allow IP addresses, you can switch the behavior to allow a few designated IP addresses, and block the rest.

Enter the commands:

order deny, allow 

allow from 192.168.0.54

allow from 192.168.0
allow ip addresses example

Block IP Addresses

To block IP addresses in htaccess, enter: order allow, deny

To block a single IP address, enter this code next: deny from 192.168.0.54

If you leave off the final digit, it will block all IP addresses in the 0 – 255 range:

For Example: deny from 192.168.0

blocking all ip addresses with htaccess

Note: You can save your .htaccess file after each operation listed below. If you’re done making changes, just reload your Apache service before testing. Also, when editing the file, it’s helpful to make comments. Use the # sign to mark a line as a comment, which will let you make notes that the system won’t read as commands.

Block Visitors by Referrer

You may want to prevent people from being redirected from a specific site to your server. This might be helpful if you want to isolate traffic patterns. You might also use it if you were getting excess server traffic from a questionable source.

Open the .htaccess file and add the following block:

RewriteEngine on

# Options +FollowSymlinks

RewriteCond %{HTTP_REFERER} blockeddomain\.com [NC]

RewriteRule .* - [F]

The NC option instructs to ignore the upper or lower case so that the rule can’t be bypassed by entering BlockedDomain.com.

If you want to add more domains, note the following:

RewriteEngine on

# Options +FollowSymlinks

RewriteCond %{HTTP_REFERER} blockeddomain\.com [NC,OR]

RewriteCond %{HTTP_REFERER} blockeddomain2\.com

RewriteRule .* - [F]

The OR flag tells the system that you’re not done adding blocked referrers yet. Omit this option on the last entry.

Redirect Traffic

You can use the .htaccess file to redirect traffic.

Open the file and enter the following:

Redirect301/Other_Website.com/index.html/My_Website.com/index.html

This command takes any traffic that’s searching for Other_Website.com and redirects it to My_Website.com.

Set a 404 Page

You can use the .htaccess file to point basic functions to a new location. One example is the 404 page.

1. Open the .htaccess file and enter:

ErrorDocument 404 /404.html

This line tells the system to look at the website’s content directory for a /404.html file as the error page.

2. Create the 404 page using this command:

sudo nano cd /var/www/My_Website.com/public.html/404.html

This should open the 404.html file in your text editor.

3. Next, add the following code:

<!doctype html>

<html>

 <body>

   404 Error: Page not found

 </body&gt;

</html>
404 page not found coding setup

This page can now be customized to display any kind of error message you want. You can also customize any other error pages you’d like. Just specify the ErrorDocument number, for example, Error 500 than point .htaccess to the new error.html file that you create.

Conclusion

Enabling .htaccess can be an incredibly valuable tool for managing your Apache web server.

This guide provides basic commands and settings, with some of the most likely scenarios you might encounter.

Posted in apache, My Linux | Comments Off on How to Enable & Set Up .htaccess File on Apache

Disable TLS 1.0 and TLS 1.1 on Windows Server using CMD as admin

Posted on September 13, 2023 by Damon Luong

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server” /v Enabled /t REG_DWORD /d 0 /f

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server” /v DisabledByDefault /t REG_DWORD /d 1 /f

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client” /v Enabled /t REG_DWORD /d 0 /f

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client” /v DisabledByDefault /t REG_DWORD /d 1 /f

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server” /v Enabled /t REG_DWORD /d 0 /f

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server” /v DisabledByDefault /t REG_DWORD /d 1 /f

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client” /v Enabled /t REG_DWORD /d 0 /f

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client” /v DisabledByDefault /t REG_DWORD /d 1 /f

Posted in IIS, My Windows, windows | Comments Off on Disable TLS 1.0 and TLS 1.1 on Windows Server using CMD as admin