Understand default .htaccess file configuration
One of our main goals is to configure Bitnami applications in the most secure way. For this reason, we moved the configuration in the .htaccess files to the main application configuration files and set the AllowOverride option to None by default.
NOTE: The Apache Software Foundation also recommends this configuration. To quote: “For security and performance reasons, do not set AllowOverride to anything other than None in your
block. Instead, find (or create) the block that refers to the directory where you’re actually planning to place a .htaccess file.”
Understand .htaccess files
The content of the .htaccess files have been moved to the /opt/bitnami/apps/APPNAME/conf/htaccess.conf file. For example:
The /opt/bitnami/apps/APPNAME/conf/httpd-app.conf file is the main application configuration file. It also sources the htaccess.conf file.
<Directory "/opt/bitnami/apps/APPNAME/htdocs"> Options +MultiViews AllowOverride None <IfVersion < 2.3 > Order allow,deny Allow from all </IfVersion> <IfVersion >= 2.3> Require all granted </IfVersion> </Directory> Include "/opt/bitnami/apps/APPNAME/conf/htaccess.conf"
The /opt/bitnami/apps/APPNAME/conf/htaccess.conf file ships the content of all .htaccess files required by the application. It typically looks like this:
<Directory /opt/bitnami/apps/APPNAME/htdocs/cache> Deny from all </Directory> <Directory /opt/bitnami/apps/APPNAME/htdocs/images> # Protect against bug 28235 <IfModule rewrite_module> RewriteEngine On RewriteCond %{QUERY_STRING} \.[^\\/:*?\x22<>|%]+(#|\?|$) [nocase] RewriteRule . - [forbidden] </IfModule> </Directory> <Directory /opt/bitnami/apps/APPNAME/htdocs/includes> Deny from all </Directory> <Directory /opt/bitnami/apps/APPNAME/htdocs/languages> Deny from all </Directory> <Directory /opt/bitnami/apps/APPNAME/htdocs/maintenance> Deny from all </Directory> <Directory /opt/bitnami/apps/APPNAME/htdocs/maintenance/archives> Deny from all </Directory> <Directory /opt/bitnami/apps/APPNAME/htdocs/serialized> Deny from all </Directory>
Watch the following video to learn how to configure .htaccess file (this video uses WordPress as a sample application):
Add a new section in the .htaccess file when installing a plugin
Some plugins, during their installation, create a .htaccess file in either the /opt/bitnami/apps/APPNAME/htdocs/ or in the /opt/bitnami/apps/APPNAME/htdocs//plugins directory that can not be read by Apache. For that reason, we recommend to move the content of that file to the /opt/bitnami/apps/APPNAME/conf/htaccess.conf file. Follow these steps:
Add a new entry in the /opt/bitnami/apps/APPNAME/conf/htaccess.conf file specifying the path where the htaccess file is (/opt/bitnami/apps/APPNAME/htdocs/ or /opt/bitnami/apps/APPNAME/htdocs//plugins) and pasting below the content of that file.
NOTE: CONTENT is a placeholder, replace it with the content of the /opt/bitnami/apps/APPNAME/htdocs/.htaccess file created by the plugin.
... <Directory "/opt/bitnami/apps/APPNAME/htdocs/"> CONTENT </Directory>
Restart Apache to make the changes take effect:
$ sudo /opt/bitnami/ctlscript.sh restart