LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 07-29-2004, 06:10 AM   #1
ne21
Member
 
Registered: Jun 2003
Location: Somewhere in Middle America
Distribution: Slackware 10, XandrOS
Posts: 61

Rep: Reputation: 15
Password protected Apache


I know this is a total n00b question, but I have Apache 1.3 running on a Slack box that is a great webserver, but I want to make a password protected directory where I can store a few personal appz and all without the whole world knowing about it. I know this can be done...just have no idea how to do so...Any ideas?
 
Old 07-29-2004, 06:32 AM   #2
LampMan
LQ Newbie
 
Registered: Jul 2004
Location: Plymouth, UK
Distribution: FC3, Slack 10 and Gentoo
Posts: 12

Rep: Reputation: 0
If you don't want to use a server-side language (like PHP or ASP or something like that), you can use .htaccess files.
Run 'vi /protected/directory/.htaccess' (you change it to meet your needs).
Put this into the file:

Code:
AuthName "Protected Files"
AuthType Basic
AuthUserFile /protected/directory/.htpasswd
Require valid-user
Then use the command 'htpasswd -bc /protected/directory/.htpasswd username password'

For example, if you wanted to protect the folder /var/www/protected_dir with username 'admin' and password 'foo' you could use:

/var/www/protected_dir/.htaccess:
Code:
AuthName "Protected Files"
AuthType Basic
AuthUserFile /var/www/protected_dir/.htpasswd
Require valid-user
htpasswd -bc /var/www/protected_dir/.htpasswd admin foo

If you go into http://localhost/protected_dir/ (assuming that /var/www is Apache's document root) you should get a prompt for a username and password.
If it doesn't work, open up httpd.conf and search for 'AllowOverride' in your server's document directory. It should say at least 'AuthConfig'; 'All' is fine.

There are countless guides on Google to how you can enhance this, incuding Apache's own at http://httpd.apache.org/docs/howto/htaccess.html

Last edited by LampMan; 07-29-2004 at 06:34 AM.
 
Old 07-29-2004, 03:28 PM   #3
ne21
Member
 
Registered: Jun 2003
Location: Somewhere in Middle America
Distribution: Slackware 10, XandrOS
Posts: 61

Original Poster
Rep: Reputation: 15
Ok, seems easy enough but do I need to name the files .htacess or would it be more like foo.htaccess and foo.htpassword?
 
Old 07-29-2004, 03:59 PM   #4
LampMan
LQ Newbie
 
Registered: Jul 2004
Location: Plymouth, UK
Distribution: FC3, Slack 10 and Gentoo
Posts: 12

Rep: Reputation: 0
You can name them whatever you like, as long as it's in your httpd.conf file.
Look for the line saying 'AccessFileName .htaccess': you can change this to foo.htaccess or whatever you like. Make sure that nobody can access the file from the outside, either by chmoding or adding to httpd.conf:
Code:
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
<Files ~ "^\foo.ht">
    Order allow,deny
    Deny from all
</Files>
As the path to your .htpasswd file is defined in the .htaccess file, you can change this as long as the file still exists.
 
Old 07-30-2004, 12:51 AM   #5
ebasi
Member
 
Registered: Jul 2004
Distribution: Slackware 13.0
Posts: 49

Rep: Reputation: 15
About me is not a good idea to put .htpasswd file in the same directory, there is way to get your file. You can put it in some other directory (e.g. /var/www/authdir/.htpasswd). In .htaccess change
Code:
AuthUserFile /protected/directory/.htpasswd
to
Code:
AuthUserFile /var/www/htauth/.htpasswd
Excuse my English, it's horrible!
 
Old 07-30-2004, 01:08 AM   #6
ne21
Member
 
Registered: Jun 2003
Location: Somewhere in Middle America
Distribution: Slackware 10, XandrOS
Posts: 61

Original Poster
Rep: Reputation: 15
Looks like a lot of information, I will defeinately give this all a shot. I hope that it turns out to be less daunting of a task then some of the other things I have had to do with my httpd.conf file to make my glorius server world view come true. But thanks for the help.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Password Protected Folder's vezril Linux - Security 2 06-06-2005 11:26 PM
setting up password protected web forms on an apache web server AZDAVE Linux - Security 3 07-07-2004 12:03 PM
Password Protected Folder? crab_2004 Linux - Software 2 02-22-2004 10:50 PM
password protected directories dsgdevil Linux - General 1 02-17-2003 12:02 AM
Password protected entries HHH Linux - General 3 06-27-2001 10:13 PM


All times are GMT -5. The time now is 10:55 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration