Apache Cheatsheet (htaccess, htpasswd)


  • sudo htpasswd -c /etc/apache2/example.htpasswd myusername
  • vi /etc/apache2/sites-available/example.conf
    •     <Directory "/var/www/html">
              AuthType Basic
              AuthName "Restricted Content"
              AuthUserFile /etc/apache2/example.htpasswd
              Require valid-user
  • apache2ctl restart


basic auth

But except from two IPs

  • sudo htpasswd -c /home/myusername/public/.htpasswd
  • <If "%{REMOTE_ADDR} != '' && %{REMOTE_ADDR} != ''">
      AuthType Basic
      AuthName "Please login"
      AuthUserFile "/home/myusername/public/.htpasswd"
      Require valid-user

Temporary Maintenance

  ErrorDocument 503 "Our website is temporarily closed for maintenance..."
  RewriteEngine On
  RewriteRule .* - [redirect=503,last]

Temporary Maintenance with Admin Access

    ErrorDocument 503 "Our website is temporarily closed for maintenance..."          RewriteEngine on
    RewriteCond %{REMOTE_ADDR} !^80\.110\.176\.152$
    RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
    RewriteRule .* - [redirect=503,last] 

Or with a maintenance page: https://css-tricks.com/snippets/htaccess/temporary-maintenance-using-mod_rewrite/

Permanent Redirect

Hard redirect

Redirect permanent / http://www.example.com/

(Seems to have problems with subpages: www.one.com/uno.php is redirected to www.two.comuno.php)

Redirect all (sub-)pages to a single new page

<VirtualHost *:80>
  ServerName www.old-name.com
  ServerAlias www.old-name2.com

  RewriteEngine On
  RewriteRule /.* http://www.new-name.com

Preserve subpage

<VirtualHost *:80>
  ServerName www.old-name.com

  RewriteEngine on
  RewriteCond %{HTTP_HOST} ^www\.old-name\.com$ [NC]
  RewriteRule ^(.*)$ http://www.new-name.com$1 [R=301,L]


Redirect to HTTPS

<VirtualHost *:80>
  ServerName www.example.com

  RewriteEngine On
  # This will enable the Rewrite capabilities

  RewriteCond %{HTTPS} !=on
  # This checks to make sure the connection is not already HTTPS

  RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
  # This rule will redirect users from their original location, to the same location but using HTTPS.
  # i.e.  http://www.example.com/foo/ to https://www.example.com/foo/
  # The leading slash is made optional so that this will work either in httpd.conf
  # or .htaccess context

  # Alternative which seems to work better for iPhones?
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]


Force SSL

<Directory /your/path>

Redirect only base dir

RewriteEngine On
RedirectMatch 301 ^/$ /horde/


On recent Ubuntu the "NameVirtualHost" directive goes into /etc/apache2/ports.conf:

NameVirtualHost *:80
NameVirtualHost *:443

Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to 
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443

<IfModule mod_gnutls.c>
    Listen 443

Reverse Proxy For Seamless Migration

  • a2enmod proxy_http
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPassReverse / http://YOUR_NEW_SERVERS_IP_ADDRESS/
  • apache2ctl stop
  • apache2ctl start
    • Note: a hard "stop/start" cycle seems to be necessary for proxy module

Restrict to IP

        <Location />
          Order deny,allow
          Deny from all
          Allow from
          Allow from 127

Protect a subdirectory/path

Example: password protect /admin/...

Options +FollowSymLinks +ExecCGI

AuthUserFile /var/www/app/public/.htpasswd
AuthGroupFile /dev/null
AuthName "Login required!"
AuthType Basic

SetEnvIf Request_URI .* noauth
SetEnvIf Request_URI /admin/* !noauth

# Require environment "noauth" or a valid (=authenticated) user
  Require env noauth
  Require valid-user




  • apache2ctl fullstatus


  • apt-get install apachetop
  • apachetop




  • top -> check usual apache "RES" memory usage e.g. 50MB
  • Check mysql mem usage: ps aux | grep 'mysql' | awk '{print $6/1024 " MB";}'
  • MaxClients = (totalmem - mysql - linux reserve) / average apache process size
    Example: (12000 - 500 - 500) / 75 = 146
  • Find out type of MPM:
    • apachectl -V | grep "Server MPM"
    • Example: Server MPM:     ITK -> based on "prefork MPM"
  • vi /etc/apache2/apache2.conf
    • TODO
  • apache2ctl restart




link in german: https://www.netnea.com/cms/apache-tutorial-9-reverse-proxy-einrichten/