Sat, 01/05/2010 - 19:31 — horuskol

Using the or directives to restrict access to specific areas of a website only works if there is actually a physical file or directory. But as more and more site frameworks are using rewritten URLs, the chances of a URL mapping to a physical file or directory are getting pretty slim.

So, what can you do in these circumstances?

Well, something like this:

Satisfy any
 
Order allow,deny
 
SetEnvIf Request_URI "^/admin" admin
Deny from env=admin
 
AuthUserFile /var/www/your-website/.htpasswd
AuthType Basic
AuthName "Authentication Required"

Sat, 01/05/2010 - 17:14 — horuskol

For most applications, there really isn't all that much to Apache configuration beyond setting up the virtual host and document root.

But Apache has a lot more to offer, and this set of articles will show how to set up some security on your site.