The MIT SIPB Web Server, www.mit.edu supports .htaccess files which
allow you to do three broad categories of things:

1) You can add information about files, such as what MIME types to
send to clients based on file endings.  

2) You can change the way directory listings appear.

3) You can restrict access to web pages.  Due to the nature of AFS,
this can be misleading.  You can require that a user enter a password
or be in a particular domain in order to access a page via the web
with .htaccess files, but in order for the web server to serve the
files, they must be world readable.  This means, if someone wants to
access the document you have restricted, they may have other
mechanisms (AFS access, another web server, etc.) by which they could
get at the document.  For this reason, you should only consider
.htaccess files as a way to put a barrier to make it a little harder
for someone to access a file.  It should not be used when privacy is
essential.  If you need absolute control over who can view the
documents, running your own server is the only approach that will
work.

For more information abou what can go in .htaccess files, see
http://www.apache.org/docs/directives.html

The SIPB web server allows the following directives:

AuthDBMGroupFile, AuthDBMUserFile,AuthGroupFile, AuthName, AuthType,
AuthUserFile, require, AddEncoding, AddLanguage, AddType, DefaultType,
LanguagePriority, AddDescription, AddIcon, AddIconByEncoding,
AddIconByType, DefaultIcon, DirectoryIndex, FancyIndexing, HeaderName,
IndexIgnore, IndexOptions, ReadmeName, and Limit.