Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Can someone help. i want to password protect a webpage. i created the password file with .htpasswd and also the .htaccess file. i enabled the allowOverride to AuthConfig option in httpd.conf for the directory but still i cant get the password prompt when i visit the page. any ideas. is there any other option i have to enable?
Password Protecting Directories using .htpasswd
March 20, 2005
The Objective: To password protect directories on an Apache web server using .htaccess and .htpasswd configuration files.
What does a .htaccess file do?
.htaccess configuration files provide for configuration changes on a per-directory basis. For example, a .htaccess configuration file placed in your "Download" directory makes configuration changes only to the "Download" directory and it's sub-directories.
.htaccess configuration files can be used to password protect directories, create custom error pages, and much more.
By default, the Apache configuration file (httpd.conf) disables .htaccess.
To enable .htaccess, change "AllowOverride" from "None" to "All" in the htaccess section of the Apache configuration file (httpd.conf). The Apache configuration file is lengthy and thus finding the .htaccess section is difficult unless you use Notepad or Wordpad's search function.
Restart the Apache web server application.
Creating the .htaccess File
Create a text document and type the following:
AuthName "This directory is password protected. Please enter a valid username and password."
"This directory is password protected. Please enter a valid username and password" is the message displayed during the user login.
The "/path_to_your_htpasswd_file/.htpasswd" is the relatvie path to your .htpasswd file. Depending on your Apache server configuration, you may need to use an absolute path such as "C:/Program Files/Apache Group/Apache/conf/.htpasswd" (including the quotation marks).
The .htpasswd file contains the username and passwords for accounts on your Apahce web server. By default, the Apache web server disables access to files beginning with .ht so that the contents of your .htpasswd file cannot be viewed. However, it is recommended that you place your .htpasswd file in a private directory, such as the Apache "conf" directory.
Upload the text document into the directory you want to password protect and rename it ".htaccess" using a File Transfer Protocol (FTP) client.
Creating the .htpasswd file
The .htpasswd file contains the username and password for accounts on your web server in the following format:
KxS, a virtual web hosting company, has a great .htpasswd password encryptor. Copy and paste the username and password combination into a text document. Upload the text document you created earlier and rename it ".htpasswd" using a File Transfer Protocol (FTP) client.
Note: Windows XP Home servers do NOT support password encryption in the .htpasswd file. The .htpasswd file must contain the username and password (not encrypted) on Windows XP Home servers.
Congratulations! The directory your .htaccess configuration file is placed in is now password protected
Last edited by jzimmerlin; 07-25-2006 at 05:09 PM.
make sure your htaccess file is correctly pointing at your htpasswd file and make sure you htaccess file is in the directory with the pages you are looking to protect, it will only protect that directory and sub directories I belive too