Apache Basics Cheat Sheet

Apache HTTP Server configuration: virtual hosts, .htaccess overrides, mod_rewrite rules, access control, and essential directives for web server management.

Last Updated: May 1, 2025

Configuration Files

/etc/apache2/apache2.conf

Main config (Debian) or /etc/httpd/conf/httpd.conf (RHEL)

/etc/apache2/sites-available/

Virtual host definitions (Debian layout)

/etc/apache2/sites-enabled/

Symlinks to active virtual hosts

a2ensite mysite.conf

Enable a site (creates symlink in sites-enabled)

a2dissite mysite.conf

Disable a site (removes symlink)

a2enmod rewrite

Enable an Apache module (e.g., rewrite, ssl, headers)

apachectl -t

Test configuration syntax before restart/reload

apachectl graceful

Gracefully reload config (respects active connections)

Virtual Hosts

Item	Description
	Listen on port 80 for all IPs
`ServerName example.com`	Primary domain for this virtual host
`ServerAlias www.example.com`	Additional domains for this virtual host
`DocumentRoot /var/www/example`	Directory where site files live
`ErrorLog ${APACHE_LOG_DIR}/error.log`	Path to error log for this vhost
`CustomLog ${APACHE_LOG_DIR}/access.log combined`	Access log with combined format
	Directory-specific settings block

mod_rewrite Essentials

RewriteEngine On

Enable URL rewriting for this context

RewriteRule ^old$ /new [R=301,L]

Redirect /old to /new permanently

RewriteRule ^user/(\d+)$ profile.php?id=$1 [L]

Rewrite /user/123 → profile.php?id=123

RewriteCond %{HTTPS} off

Condition: only apply rewrite if not HTTPS

RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

Force HTTPS redirect

RewriteCond %{REQUEST_FILENAME} !-f

If requested file doesn't exist...

RewriteCond %{REQUEST_FILENAME} !-d

If requested directory doesn't exist...

RewriteRule ^ index.php [L]

Route everything to index.php (front controller)

.htaccess Directives

Item	Description
`AllowOverride All`	Enable .htaccess in directory (performance cost!)
`Options -Indexes`	Disable directory listing (security)
`Redirect 301 /old /new`	Simple redirect from .htaccess
`ErrorDocument 404 /404.html`	Custom 404 error page
`Header set X-Frame-Options DENY`	Security — prevent clickjacking
`order deny,allow; deny from all`	Restrict access by method + IP

Pro Tip: Disable .htaccess in production for performance (AllowOverride None). Use `apachectl -t` to test config. mod_rewrite logs at LogLevel alert rewrite:trace6 for debugging.