Home

Setting Apache Passwords


Tags: 
Password Protecting a file or directory in Apache
************************************************************************



changes to the httpd.conf file:
-------------------------------

Default: This disables the processing of .htaccess files for the system.

         <Directory />
         AllowOverride None
         </Directory>

or for a specified directory:

         <Directory /home/domain/public_html>
         AllowOverride None
         </Directory>

Change to and/or specify directory to protect:

         <Directory /home/domain/public_html/membersonly>
         AllowOverride All
         </Directory>

OR

         <Directory /home/domain/public_html/membersonly>
         AllowOverride AuthConfig
         </Directory>
-------------------------------
(AllowOverride parameters: AuthConfig FileInfo Indexes Limits Options)




Example httpd.conf entry for a password protected file:
-------------------------------------------------------

<Directory "/usr/local/apache2/htdocs/php/">
<Files ~ "firstv2.php">
AuthType Basic
AuthName "Restricted File"
AuthUserFile /usr/local/apache2/conf/.htpasswd
Require valid-user
    Options Indexes FollowSymLinks MultiViews
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
</Files>
</Directory>


Example httpd.conf entry for a password protected directory:
------------------------------------------------------------

<Directory "/usr/local/apache2/htdocs/nuts_bolts/">
AuthType Basic
AuthName "Restricted Directory"
AuthUserFile /usr/local/apache2/conf/.htpasswd
Require valid-user
    Options Indexes FollowSymLinks MultiViews
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
</Directory>


-------------------------------------------------------------

touch .htpasswd (or .htaccess, or whatever you call it.  It doesn't matter)
if it does not already exist in the directory that you specified in the
httpd.conf entry.

NOTE: If you want to store the password file in a web directory make sure
you deny access to it by specifying the following in your httpd.conf file:

<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>

This will deny access to files starting with '.ht', so make sure you prefix
your password file with '.ht'.
-------------------------------------------------------------



Adding a user:
--------------

../apache2/bin/htpasswd <passwdfile> <username>


Example of passwd command:

usr/local/apache2/bin/htpasswd /usr/local/apache2/conf/.htpasswd username1



deleting a user:
----------------

delete the entry in .htpasswd or (.htaccess)
»