Apache

Directory Protection

• /httpd.conf

  • AllowOverride AuthConfig

• .htaccess

  • AuthType Basic
    AuthName "Name of this realm"
    AuthUserFile "/abs/path/to/.htpasswd"
    Require valid-user

• .htpasswd

  • dz:cRyPtEdPaSsWd

Rotatelogs

part of the Apache distribution and works as a pipe:

apache.conf:

CustomLog "| /usr/sbin/rotatelogs -l /var/www/site/logs/access.log.%Y%m%dT%H%M 86400" combined

• -l: use local time instead of UTC

• 86400: cycle the log every 24 hours at 00:00 hours

See Logrotate for an alternative to rotatelogs.

Execution Order of Directives

Directives are not executed strictly in the order that you specify. They are executed in module order. For example, all mod_alias directives will execute, then all mod_proxy diretives will execute, and then all mod_rewrite directives will execute (Each module parses the config files and executes the directives that it recognizes).

That's just an example -- the modules will execute in the reverse order the they are loaded (by LoadModule) on Apache 1.x, and in the order determined by Apache 2.x priority scheme. This can have various unexpected results.

(http://www.webmasterworld.com/forum92/5980.htm)

Server Status

# If you have a global RewriteRule like /.*, you can disarm it with the following RewriteCond
RewriteCond %{REQUEST_URI} !=/server-status
RewriteRule /.* /some/place
[...]
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>