Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Can someone help. i want to password protect a webpage. i created the password file with .htpasswd and also the .htaccess file. i enabled the allowOverride to AuthConfig option in httpd.conf for the directory but still i cant get the password prompt when i visit the page. any ideas. is there any other option i have to enable?
Read this: http://httpd.apache.org/docs/howto/htaccess.html
If it still doesn't work post again, showing a stripped down apache/httpd.conf (without all the quotes, just the config) and the .htaccess file.
Password Protecting Directories using .htpasswd
March 20, 2005
The Objective: To password protect directories on an Apache web server using .htaccess and .htpasswd configuration files.
What does a .htaccess file do?
.htaccess configuration files provide for configuration changes on a per-directory basis. For example, a .htaccess configuration file placed in your "Download" directory makes configuration changes only to the "Download" directory and it's sub-directories.
.htaccess configuration files can be used to password protect directories, create custom error pages, and much more.
Enabling .htaccess
By default, the Apache configuration file (httpd.conf) disables .htaccess.
To enable .htaccess, change "AllowOverride" from "None" to "All" in the htaccess section of the Apache configuration file (httpd.conf). The Apache configuration file is lengthy and thus finding the .htaccess section is difficult unless you use Notepad or Wordpad's search function.
Restart the Apache web server application.
Creating the .htaccess File
Create a text document and type the following:
AuthName "This directory is password protected. Please enter a valid username and password."
AuthType Basic
AuthUserFile /path_to_your_htpasswd_file/.htpasswd
Require valid-user
"This directory is password protected. Please enter a valid username and password" is the message displayed during the user login.
The "/path_to_your_htpasswd_file/.htpasswd" is the relatvie path to your .htpasswd file. Depending on your Apache server configuration, you may need to use an absolute path such as "C:/Program Files/Apache Group/Apache/conf/.htpasswd" (including the quotation marks).
The .htpasswd file contains the username and passwords for accounts on your Apahce web server. By default, the Apache web server disables access to files beginning with .ht so that the contents of your .htpasswd file cannot be viewed. However, it is recommended that you place your .htpasswd file in a private directory, such as the Apache "conf" directory.
Upload the text document into the directory you want to password protect and rename it ".htaccess" using a File Transfer Protocol (FTP) client.
Creating the .htpasswd file
The .htpasswd file contains the username and password for accounts on your web server in the following format:
KxS, a virtual web hosting company, has a great .htpasswd password encryptor. Copy and paste the username and password combination into a text document. Upload the text document you created earlier and rename it ".htpasswd" using a File Transfer Protocol (FTP) client.
Note: Windows XP Home servers do NOT support password encryption in the .htpasswd file. The .htpasswd file must contain the username and password (not encrypted) on Windows XP Home servers.
Congratulations! The directory your .htaccess configuration file is placed in is now password protected
Last edited by jzimmerlin; 07-25-2006 at 05:09 PM.
make sure your htaccess file is correctly pointing at your htpasswd file and make sure you htaccess file is in the directory with the pages you are looking to protect, it will only protect that directory and sub directories I belive too
I finally got a prompt to enter the password but the credintials cant authonticate aginst the password file. am quite sure the path is correct in .htaccess.
Did you correctly hash the passwords and add usernames to the htpassword file? There are programs and internet sites that will give you the hash for the file
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.