Sometimes we have to place content on our webserver we want to protect and only accessed by privileged users.
A basic security can be established by a password restricted folder access, enforced by the Apache Webserver itself.
This can be done by some simple instructions added to our .htaccess file:
(In case you haven’t already a .htaccess file, just create a new file calling it .htaccess and locating it in the folder you want to protect.)
AuthName "Protected Area"
These commands will tell the Apache webserver that the folder in question (and all below) are now protected and it needs a valid combination of username/password to access it.
- AuthName is some free form text you can specify, telling the visitor what you are asking for and Apache Webserver will show in it’s dialog box.
- AuthUserFile is the reference to the stored .htpasswd file containing all valid username/password combinations to access the folder in question (ususally and best located out of the protected directory tree).
Having that done we now need to create the necessary .htpasswd file which we can do interactive on our server with the command:
htpasswd2 -c FILE USER
Assuming html is your webroot, a valid example, for protecting a folder called images below our webroot and using demouser/demopassword as user credentials, would be:
(Locate this file within the folder images and be aware to use an absolute path for AuthUserFile, as for www.domain.com would be wrong!)
AuthName "Login for Secure Area"
(Create a new file called .htpasswd and locate this file within the folder you’ve specified within AuthUserFile path.)