Exercise: Changing the default directory page.  Normally the default directory page is index.html.  As an intro to using the httpd.conf file where going to change the default page apache serves when a directory is requested to something else.

Open up the httpd.conf file (Located: C:\Program Files\Apache Group\Apache2\conf\httpd.conf) with Notepad - then do a search for index.html.  (Any line that starts with the # symbol in the configuration file is a Comment).  This should bring you to a line of code that looks like this:  

DirectoryIndex index.html index.html.var

Change this to DirectoryIndex MyNewIndex.html Now whenever you request a specific directory - this will be the page Apache will first look for.  You can add additional default pages to that and Apache will look for those pages in that order, personally I like to change this to DirectoryIndex index.php index.html index.htm.  (This is usually never needed - although it's nice to know how to do).

Exercise: Using .htaccess files.  .htaccess files are like small parts of the web server configuration.  You can place these file's in specific directory's to override the settings in the main httpd.conf file and to add special access controls and functionality to that directory.  .htaccess files are valid for all folders that are contained within the you've placed it in.  To allow the use of .htaccess files we do however have to change one part of the httpd.conf file.  Open up that file with Notepad now and change the following line:  (search httpd.conf for 'AllowOverride' to find the line faster).

AllowOverride None  To  AllowOverride All (This allows us to use .htaccess files in any directory).

Example 1:  Creating directory specific DirectoryIndex files.  Use notepad or a similar text editor to create a file called .htaccess and place that file in a directory/folder you want this to be valid for. Inside this file place the following;

DirectoryIndex MyMainPage.html 

This will make it so that if you visit this directory (folder) such as http://localhost/MyFolder/ - the default start page will be MyMainPage.html.

Example 2: Creating Custom error pages within a specific directory.  Follow the above steps to create a .htaccess file and add the following to that file;

ErrorDocument 404 http://www.domain.com/404.html
ErrorDocument 401 http://www.domain.com/401.html
ErrorDocument 500 http://www.domain.com/500.html

This just creates custom error documents and tells the server what to do and where to go if it finds an error such as your page not being found.  You can also specify default error pages in the main httpd.conf settings. However those settings will be valid throughout your site and not just in one directory.

Example 3:  Creating a password protected Directory.  This gets a little tricky.  But is one of the most useful examples of the .htaccess file for our purpose's.  Create an .htaccess file as before with the following and place it inside any directory you want to password protect.

AuthName "restricted stuff"
AuthType Basic
AuthUserFile C:\Passwords\users

require valid-user

You will also need to create a file that contains a UserName and a Password.  This file will be called (for this example) users (with no file extension) and placed in a folder we just created called Passwords at C:\Passwords\. Their are two basic ways you can create the UserName and encrypted password 1 way is using the PHP crypt() function, the second is using the htpasswd program that comes with Apache.  We will be using the second method.  

To create this file you'll have to open a Dos prompt and CD (Change directory) to CD C:\Program Files\Apache Group\Apache2\Bin\ Then run the following command:

htpasswd -bc users Jeff mypass  (the format is -bc NameToCallFile UserName Password).  This will create a file called users in the Bin directory.  The contents will look similiar to:  Jeff:$apr1$aq2.....$OtFywTSs9g9dBsnFlTRTj/  (The first part is the userName the second part after the colon is the encrypted password). Copy and paste this file into the C:\Passwords\ folder we created just a bit ago. 

When you try to access the Folder/Directory you placed this .htaccess file in with a web browser you will be prompted to enter a UserName and Password.  Enter in the UserName and password you used to create the file and you'll be allowed in. 

Overall it's not that important or secure to use this type of directory protection on Windows (cause it's still windows after all) and where mainly going to be using this as a local testing area.  If you allow access to your server by others from all over the internet it will still help in keeping specified directory's contents private and with controlled access.