This covers how to protect parts of a website in Apache using the .htaccess files.
To use .htaccess files, you need to enable it in the server configuration by specifying the directive AllowOverride AuthConfig, typically within the <Directory> section.
<Directory /opt/apache/htdocs>
AllowOverride AuthConfig
</Directory>
Create a password file, which should be placed somewhere not accessible from the web. For example if your documents are served in the directory /opt/apache/htdocs, you can put the password file in the /opt/apache/passwd directory. To create the file use the htpasswd command that came with Apache.
$ htpasswd -c /opt/apache/passwd/passwords myusername
Create an .htaccess file in the diretory you wish to protect. For example, if you wish to protect the directory /opt/apache/htdocs/protect:
$ cd /usr/local/apache/htdocs/protect/
$ nano .htaccess
Add the following lines inside the file:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /opt/apache/passwd/passwords
Require user myusername
- The
AuthTypedirective determines the method that is used to authenticate the user. The most common method isBasic, however, it sends the password unencrypted. - The
AuthNamedirective sets the Realm to be used in the authentication. The realm is used by the browser to determine what password to send for a given authenticated area. - The
AuthUserFiledirective sets the path to the password file that created withhtpasswd. - The
Requiredirective provides the authorization part of the process by setting the user that is allowed to access the protected area. To allow anyone in that is listed in the password file use:
Once the .htaccess file has been saved, you have restricted access to the area you want to protect.
For more information: http://httpd.apache.org/docs/2.0/howto/auth.html
Link Summary
Related posts: