14. Dec. 2008

Sometimes we need to place content on our web server that should be protected and accessible only to privileged users.

Basic protection can be established with password-restricted folder access, enforced by the Apache web server itself.

This can be done with a few simple directives added to our .htaccess file:
(If you don't already have a .htaccess file, just create a new file named .htaccess in the folder you want to protect.)

AuthType Basic
AuthName "Protected Area"
AuthUserFile FILE
require valid-user

These directives tell the Apache web server that the folder in question (and everything below it) is now protected and that a valid username/password combination is needed to access it.

  • AuthName is free-form text you can specify, telling the visitor what you are asking for; the Apache web server shows it in its login dialog box.
  • AuthUserFile is the reference to the stored .htpasswd file containing all valid username/password combinations for accessing the folder in question (usually, and best, located outside the protected directory tree).

With that done, we now need to create the necessary .htpasswd file, which we can do interactively on our server with the command:

htpasswd2 -c FILE USER

Assuming html is your webroot, a valid example for protecting a folder called images below our webroot, using demouser/demopassword as user credentials, would be:

.htaccess:
(Place this file in the folder images and make sure to use an absolute filesystem path for AuthUserFile; a web address such as www.domain.com would be wrong!)

AuthUserFile /home/username/html/.htpasswd
AuthType Basic
AuthName "Login for Secure Area"
require valid-user

.htpasswd:
(Create a new file called .htpasswd and place it in the folder you specified in the AuthUserFile path.)

demouser:$1$OHq3K5v3$pvFrGsHjWwYjpkZhc70T9.
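
A check for the setup described above, written as an added example that is not part of the original post: it parses an .htaccess/.htpasswd pair, verifies that the four directives are present and that AuthUserFile is an absolute path outside the web root, and reports which hash scheme each password entry uses. The function names audit and classify_hash and the ok/weak ratings are this example's own assumptions; the sample input is the pair of files shown above.

```python
import re
from pathlib import PurePosixPath

# Hash prefixes seen in htpasswd files; the ok/weak rating is this example's own judgement.
SCHEMES = [("$2y$", "bcrypt", "ok"), ("$2a$", "bcrypt", "ok"),
           ("$5$", "sha256-crypt", "ok"), ("$6$", "sha512-crypt", "ok"),
           ("$apr1$", "apr1-md5", "weak"), ("$1$", "md5-crypt", "weak"),
           ("{SHA}", "unsalted-sha1", "weak")]

def classify_hash(value):
    """Return (scheme, rating) for the password field of one htpasswd entry."""
    for prefix, name, rating in SCHEMES:
        if value.startswith(prefix):
            return name, rating
    if re.fullmatch(r"[./0-9A-Za-z]{13}", value):
        return "des-crypt", "weak"          # traditional 13-character crypt()
    return "plaintext-or-unknown", "weak"

def audit(htaccess_text, htpasswd_text, docroot):
    """List problems in an .htaccess/.htpasswd pair; docroot is the web root path."""
    findings, directives = [], {}
    for line in htaccess_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            directives[parts[0].lower()] = parts[1].strip().strip('"')
    for needed in ("authtype", "authname", "authuserfile", "require"):
        if needed not in directives:
            findings.append(f"missing directive: {needed}")
    user_file = directives.get("authuserfile", "")
    if user_file and not user_file.startswith("/"):
        findings.append("AuthUserFile is not an absolute path")
    elif user_file and PurePosixPath(docroot) in PurePosixPath(user_file).parents:
        findings.append("AuthUserFile is inside the web root")
    for entry in htpasswd_text.splitlines():
        user, sep, value = entry.strip().partition(":")
        if sep:
            name, rating = classify_hash(value)
            if rating == "weak":
                findings.append(f"{user}: {name} hash, regenerate with htpasswd -B")
    return findings

# The example files from this page, with html as the web root.
HTACCESS = '''AuthUserFile /home/username/html/.htpasswd
AuthType Basic
AuthName "Login for Secure Area"
require valid-user
'''
HTPASSWD = "demouser:$1$OHq3K5v3$pvFrGsHjWwYjpkZhc70T9.\n"

if __name__ == "__main__":
    for finding in audit(HTACCESS, HTPASSWD, "/home/username/html"):
        print(finding)
```

Run against the example above, it reports that the password file sits inside the web root and that the demouser entry is an MD5-crypt hash.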
