Set Apache Password Protected Directories With .htaccess File


Q. How do I protecting a directory in Apache on linux?
A. There are many ways you can password protect directories under Apache web server. This is important to keep your file privates from both unauthorized users and search engines (when you do not want to get your data indexed). Here you will see the basics of password protecting a directory on your server. You can use any one of the following method:
  1. Putting authentication directives in a <Directory> section, in your main server configuration httpd.conf file, is the preferred way to implement this kind of authentication.
  2. If you do not have access to Apache httpd.conf file (for example shared hosting) then with the help of file called .htaccess you can create password protect directories. .htaccess file provide a way to make configuration changes on a per-directory basis.
In order to create apache password protected directories you need:
  • Password file
  • And Directory name which you would like to password protect (/var/www/docs)

Step # 1: Make sure Apache is configured to use .htaccess file

You need to have AllowOverride AuthConfig directive in httpd.conf file in order for these directives to have any effect. Look for DocumentRoot Directory entry. In this example, our DocumentRoot directory is set to /var/www. Therefore, my entry in httpd.conf looks like as follows:
<Directory /var/www>
Options Indexes Includes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
Save the file and restart Apache
If you are using Red Hat /Fedora Linux:
# service httpd restart
If you are using Ubuntu Linux:
# /etc/init.d/apache2 restart

Step # 2: Create a password file with htpasswd

htpasswd command is used to create and update the flat-files (text file) used to store usernames and password for basic authentication of Apache users. General syntax:
htpasswd -c password-file username
Where,
  • -c : Create the password-file. If password-file already exists, it is rewritten and truncated.
  • username : The username to create or update in password-file. If username does not exist in this file, an entry is added. If it does exist, the password is changed.
Create directory outside apache document root, so that only Apache can access password file. The password-file should be placed somewhere not accessible from the web. This is so that people cannot download the password file:
# mkdir -p /home/secure/
Add new user called vivek
# htpasswd -c /home/secure/apasswords vivek
Make sure /home/secure/apasswords file is readable by Apache web server. If Apache cannot read your password file, it will not authenticate you. You need to setup a correct permission using chown command. Usually apache use www-data user. Use the following command to find out Apache username. If you are using Debian/ubuntu Linux use pache2.conf, type the following command:
# grep -e '^User' /etc/apache2/apache2.conf
Output:
www-data
Now allow apache user www-data to read our password file:
# chown www-data:www-data /home/secure/apasswords
# chmod 0660 /home/secure/apasswords
If you are using RedHat and Fedora core, type the following commands :
# grep -e '^User' /etc/httpd/conf/httpd.conf
Output:
apache
Now allow apache user apache to read our password file:
# chown apache:apache /home/secure/apasswords
# chmod 0660 /home/secure/apasswords
Now our user vivek is added but you need to configure the Apache web server to request a password and tell the server which users are allowed access. Let us assume you have directory called /var/www/docs and you would like to protect it with a password.
Create a directory /var/www/docs if it does not exist:
# mkdir -p /var/www/docs
Create .htaccess file using text editor:
# cd /var/www/docs
# vi .htaccess
Add following text:
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /home/secure/apasswords
Require user vivek
Save file and exit to shell prompt.

We could use Require user valid-user

for any defined user

Step # 3: Test your configuration

Fire your browser type url http://yourdomain.com/docs/ or http://localhost/docs/ or http://ip-address/docs
When prompted for username and password please supply username vivek and password. You can add following lines to any file <Diretory> entry in httpd.conf file:
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /home/secure/apasswords
Require user vivek
To change or setup new user use htpasswd command again.

Troubleshooting

If password is not accepted or if you want to troubleshoot authentication related problems, open and see apache access.log/error.log files:
Fedora Core/CentOS/RHEL Linux log file location:
# tail -f /var/log/httpd/access_log
# tail -f /var/log/httpd/error_log

Debian/Ubuntu Linux Apache 2 log file location:
# tailf -f /var/log/apache2/access.log
# tailf -f /var/log/apache2/error.log

See also:


Comments

  1. Có một làn da đẹp và ngăn ngừa quá trình lão hóa da chính là đều mà hầu hết mọi phụ nữ điều ao ước có được thuốc giảm cân 1234 diet drops , nó không quá khó nếu bạn dùng Oxynergy Time Exception Serum sẽ giúp đẹp da và ngăn lão hóa da hiệu quả và an toàn , ngoài ra khi ra ngoài nên kết hợp với trang điểm nhẹ nhàng bằng love me for me flawless finish powder compact , pillow plush cushiony lip balmlip gallery creamy color classic lipstick sẽ giúp các bạn trông đẹp hơn và thêm tự tin khi ra ngoài . Ngoài ra nên kết hợp với các loại collagen làm đẹp da shiseido pure white mỗi ngày . Thật tuyệt vời nếu các cô gái được các tràng trai khen đẹp và thơm mát , để có được điều này nên dùng amazonian wild lily shower gel , Fijian Water Lotus Shower Gel , atlas mountain rose shower gel , những sản phẩm này được làm từ thiên nhiên nên rất an toàn hiệu quả rất cao mà ai cũng muốn sử dụng.

    ReplyDelete
  2. The entire process of taking a snapshot takes less than a minute. The snapshot that is taken includes information about the various services, the file system that is required and the registry changes that can be copied on to a remote machine. driver toolkit key

    ReplyDelete

  3. There is no better protection than the use of cloud storage of personal data servers!
    data room reviews

    ReplyDelete

Post a Comment

Pascal Fares and Open Source Lebanese Movement >

Popular posts from this blog

Setting Up Network RAID1 With DRBD On Ubuntu 12.04

HOWTO remove all dangling commits from your git repository