Configure web site access on VPS

So I spent some time trying to figure out why drupal wouldn't allow clean URLs and why I couldn't lock down directory listings on my shiny new VPS.

I knew from plenty of experience on shared servers that if you use .htaccess you can set Options -Indexes and this will stop prying eyes from getting a directory listing of your site. But this wasn't working.

I finally found this article http://httpd.apache.org/docs/2.0/howto/htaccess.html which states:

"There is, for example, a prevailing misconception that user authentication should always be done in .htaccess files. This is simply not the case. You can put user authentication configurations in the main server configuration, and this is, in fact, the preferred way to do things."

I was surprised to find that you should not use .htaccess files if you have root access! Many blog entries I read said that .htaccess should be used even when the person asking the question obviously had root access. When you have root access use of the apache2 main server configuration file (e.g. /etc/apache2/sites-available/default) should be made.

So once I figured that out (about an hour) it took about 5 minutes to extract the bits I needed out of the drupal .htaccess file and copy them in between the directory tags, restart apache (sudo apache2ctl restart) and hey presto, I could enable Clean URLs and access denied on directory lists!