Sunday, April 20, 2008

Basic apache .htaccess authentication

To restrict access to a specific directory

Create a .htaccess file in the directory that you want to restrict
AuthUserFile /path/to/.mypasswds
AuthGroupFile /dev/null
AuthName "Title for password box"
AuthType Basic
require user username
require user user2 # you can add more users by setting multiple require statements
# Require valid-user  # you can allow any user listed in password files.

To generate an encrypted password
Execute this shell command which will create the file .mypasswds with a hashed password entry
htpasswd -c /path/to/.mypasswds username
New password: password
Re-type new password: password

Enable the configuration
The module mod_auth must be loaded in Apache2 config
LoadModule auth_module modules/
Edit the Apache2 config files to set the AllowOverride for the directory you want to protect
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride AuthConfig

No comments: