Password protected Apache

ne21 · 07-29-2004, 06:10 AM

I know this is a total n00b question, but I have Apache 1.3 running on a Slack box that is a great webserver, but I want to make a password protected directory where I can store a few personal appz and all without the whole world knowing about it. I know this can be done...just have no idea how to do so...Any ideas?

LampMan · 07-29-2004, 06:32 AM

If you don't want to use a server-side language (like PHP or ASP or something like that), you can use .htaccess files.
Run 'vi /protected/directory/.htaccess' (you change it to meet your needs).
Put this into the file:

Code:

AuthName "Protected Files"
AuthType Basic
AuthUserFile /protected/directory/.htpasswd
Require valid-user

Then use the command 'htpasswd -bc /protected/directory/.htpasswd username password'

For example, if you wanted to protect the folder /var/www/protected_dir with username 'admin' and password 'foo' you could use:

/var/www/protected_dir/.htaccess:

Code:

AuthName "Protected Files"
AuthType Basic
AuthUserFile /var/www/protected_dir/.htpasswd
Require valid-user

htpasswd -bc /var/www/protected_dir/.htpasswd admin foo

If you go into http://localhost/protected_dir/ (assuming that /var/www is Apache's document root) you should get a prompt for a username and password.
If it doesn't work, open up httpd.conf and search for 'AllowOverride' in your server's document directory. It should say at least 'AuthConfig'; 'All' is fine.

There are countless guides on Google to how you can enhance this, incuding Apache's own at http://httpd.apache.org/docs/howto/htaccess.html

ne21 · 07-29-2004, 03:28 PM

Ok, seems easy enough but do I need to name the files .htacess or would it be more like foo.htaccess and foo.htpassword?

LampMan · 07-29-2004, 03:59 PM

You can name them whatever you like, as long as it's in your httpd.conf file.
Look for the line saying 'AccessFileName .htaccess': you can change this to foo.htaccess or whatever you like. Make sure that nobody can access the file from the outside, either by chmoding or adding to httpd.conf:

Code:

<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
<Files ~ "^\foo.ht">
    Order allow,deny
    Deny from all
</Files>

As the path to your .htpasswd file is defined in the .htaccess file, you can change this as long as the file still exists.

ebasi · 07-30-2004, 12:51 AM

About me is not a good idea to put .htpasswd file in the same directory, there is way to get your file. You can put it in some other directory (e.g. /var/www/authdir/.htpasswd). In .htaccess change

Code:

AuthUserFile /protected/directory/.htpasswd

to

Code:

AuthUserFile /var/www/htauth/.htpasswd

Excuse my English, it's horrible!

ne21 · 07-30-2004, 01:08 AM

Looks like a lot of information, I will defeinately give this all a shot. I hope that it turns out to be less daunting of a task then some of the other things I have had to do with my httpd.conf file to make my glorius server world view come true. But thanks for the help.