nativeInstallerneos

Understand default .htaccess file configuration

Before running the commands shown on this page, you should load the Bitnami stack environment by executing the installdir/use_APPNAME script (Linux and Mac OS X) or by clicking the shortcut in the Start Menu under “Start -> Bitnami APPNAME Stack -> Application console” (Windows). Learn more.

One of our main goals is to configure Bitnami applications in the most secure way. For this reason, we moved the configuration in the .htaccess files to the main application configuration files and set the AllowOverride option to None by default.

NOTE: The Apache Software Foundation also recommends this configuration. To quote: “For security and performance reasons, do not set AllowOverride to anything other than None in your block. Instead, find (or create) the block that refers to the directory where you’re actually planning to place a .htaccess file.”

Understand .htaccess files

The content of the .htaccess files have been moved to the installdir/apps/APPNAME/conf/htaccess.conf file. For example, the Bitnami MediaWiki application uses the following configuration files:

  • The installdir/apps/mediawiki/conf/httpd-app.conf file is the main application configuration file (previous versions called it mediawiki.conf). It also sources the htaccess.conf file.

    <Directory "installdir/apps/mediawiki/htdocs">
        Options +MultiViews
        AllowOverride None
        <IfVersion < 2.3 >
        Order allow,deny
        Allow from all
        </IfVersion>
        <IfVersion >= 2.3>
        Require all granted
        </IfVersion>
    </Directory>
    Include "installdir/apps/mediawiki/conf/htaccess.conf"
    
  • The installdir/apps/mediawiki/conf/htaccess.conf file ships the content of all .htaccess files required by the application. It typically looks like this:

    <Directory installdir/apps/mediawiki/htdocs/cache>
      Deny from all
    </Directory>
    <Directory installdir/apps/mediawiki/htdocs/images>
      # Protect against bug 28235
      <IfModule rewrite_module>
        RewriteEngine On
        RewriteCond %{QUERY_STRING} \.[^\\/:*?\x22<>|%]+(#|\?|$) [nocase]
        RewriteRule . - [forbidden]
      </IfModule>
    </Directory>
    <Directory installdir/apps/mediawiki/htdocs/includes>
      Deny from all
    </Directory>
    <Directory installdir/apps/mediawiki/htdocs/languages>
      Deny from all
    </Directory>
    <Directory installdir/apps/mediawiki/htdocs/maintenance>
      Deny from all
    </Directory>
    <Directory installdir/apps/mediawiki/htdocs/maintenance/archives>
      Deny from all
    </Directory>
    <Directory installdir/apps/mediawiki/htdocs/serialized>
      Deny from all
    </Directory>
    

Add a new section in the .htaccess file when installing a plugin

Some plugins, during their installation, create a .htaccess file in either the installdir/apps/APPNAME/htdocs/ or in the installdir/apps/APPNAME/htdocs//plugins directory that can not be read by Apache. For that reason, we recommend to move the content of that file to the installdir/apps/APPNAME/conf/htaccess.conf file. Follow these steps:

  • Add a new entry in the installdir/apps/APPNAME/conf/htaccess.conf file specifying the path where the htaccess file is (installdir/apps/APPNAME/htdocs/ or installdir/apps/APPNAME/htdocs//plugins) and pasting below the content of that file.

    NOTE: CONTENT OF THE .htaccess FILE HERE is a placeholder, replace it with the content of the installdir/apps/APPNAME/htdocs/.htaccess file created by the plugin.

    ...
    <Directory "installdir/apps/APPNAME/htdocs/">
    CONTENT OF THE .htaccess FILE HERE
    </Directory>
    
  • Restart Apache to make the changes take effect:

    $ sudo installdir/ctlscript.sh restart