What is a '.htaccess' file and how can I use it in my website?

Our web server runs HTTPD, which allows for the use of '.htaccess' files to control server behavior for your website. To take advantage of this, simply use a text editor to create a filed called '.htaccess' and put it in your '~/public_html' directory. Here are some examples of '.htaccess' file contents:

Redirect to another directory

Redirect /old_dir/ http://www.yourdomain.com/new_dir/index.html

Simple password protection

AuthName "Member's Area Name"
AuthUserFile /path/to/password/file/.htpasswd
AuthType Basic
require valid-user

Where '.htpasswd' is a password file created by running the commmand:

htpasswd -b -c .htpasswd username password

You can always add more users to this file later by running the same command without the '-c' directive. More information on this command can be found here.

Cosign Password Protection

To secure access to a directory using University of Michigan uniquenames and passwords, you can employ the university's single sign on system, Cosign. Here's an example.

CosignProtected On
AuthType Cosign
Require user user1 user2 user3

Where 'user1', 'user2', and 'user3' are the uniquenames of the people you would like to grant access to.

Please note that this only works with HTTPS, and not HTTP. If a user attempts to access that directory with HTTPS, they will see an error message.

Redirect HTTP connections to HTTPS

If a user attempts to use HTTP to access a directory, you can use a rewrite condition to redirect them to HTTPS.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} /
RewriteRule (.*)$ https://www.eecs.umich.edu/$1 [R,L]

Allow access only to users from within the UM network

order allow,deny
allow from umich.edu
deny from all

This is just a taste of the power of '.htaccess' files. For more information, see this page.