Ubuntu Tutorials

I just recently started using DropBox on Ubuntu 8.10 “Intrepid Ibex” and leftyfb in IRC pointed out to me a nifty little trick with .htaccess files.  If you’ve been using DropBox I’m sure you’ve seen or made use of the Public folder and sharing files.  You may have also noticed that the DropBox Public links are long and likely hard to remember when needed.

One thing that you can do, if you have your own web server, is dynamically generate these public links.  For example:

Original DropBox Public URL:

http://dl.getdropbox.com/u/312414/Christer_Edwards.asc

DropBox Public URL with .htaccess trick:

http://zelut.org/dropbox/Christer_Edwards.asc

In order to accomplish this you’ll need access to a webserver and the ability to create and use a .htaccess file.  On my webserver I created a folder called “dropbox” and then pasted the following into a new file, .htaccess:

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ http://dl.getdropbox.com/u/012345/$1 [L,QSA]

You will need to replace the “012345″ with your unique ID.  As you notice from the original link above, my unique ID is “312414″.  You can find yours by copying the public link within Nautilus.

Once this is done you can share files by placing them into your DropBox Public folder and then appending the filename to your webserver URL + created folder.  Again, since I created the folder “dropbox” on http://zelut.org/, my url is http://zelut.org/dropbox/.  I simply append the filename I want to share and its done!

If anyone can suggest a way to present this URL with an index.html that may be a cool trick.

This post is not so much a tutorial as my own notes on restricting access with .htaccess files and apache. As has been the case with many of my previous tutorials, the basis is writing the steps down so I can refer to them later. Turns out making notes public on a blog is a good idea. In any event, this will outline restricting access to directories on a user-level with .htaccess.

Create the .htaccess file

To limit access to a directory we need to create a .htaccess file where we will outline the restrictions for the location. Any folder within your publicly accessible web page can have its own custom .htaccess file. note: some shared hosting companies do not allow custom .htaccess restrictions for individual sites. You may need to check with your host on this.

Within your .htaccess file you would include something along these lines:

# sample .htaccess file
AuthName "Private Website"
AuthType basic
AuthUserFile /path/to/.htpasswd
require user username (optional)

In the above sample config “Private Website” can be any message you want displayed to the user when trying to authenticate to that page. /path/to/.htpasswd is what we will work on next in generating usernames and hashed passwords for authentication. require user username can limit access to only those users listed.

Create the .htpasswd file

In the .htaccess file we’ve outlined a path/to/.htpasswd file which we need to also create. It is a good idea to keep this file in a non web-accessible location. For example, if your web root is /var/www/html/ you might put the .htpasswd file in /var/www/.htpasswd. This way it is not accessible publicly and limits the chances of someone being able to get a hold of and attempt to break your hashed passwords for access.

To populate the .htpasswd file we’ll use the command htpasswd. To initially create the file we’d use:

htpasswd -cm /var/www/.htpasswd user-one

The -c will initially create the file. The -m will md5 encrypt the passwords for additional security. The htpasswd command will prompt you for a password.

To add additional users to your .htpasswd access list use:

htpasswd -m /var/www/.htpasswd user-two

Be careful not to use the -c option when adding additional users as this will recreate the file and overwrite previous entries.

Once these two files are in place access to the folder containing the .htaccess file will be limited to only those users listed within the .htpasswd file and require authentication via a password. This is great for sharing web accessible files with only certain users, creating private folders, etc.

If your host allows custom .htaccess file creation but does not provide you access to the htpasswd command you can try to generate your .htpasswd file using an apache installation on a local machine and copying the resulting files over.