Difference between revisions of "apache .htaccess authentication howto"
(Created page with " == versions == version: 2.2.25 O.S.: gentoo This may work for other versions, but the instructions here were only tested with the above version. == problem == need to c...") |
Revision as of 15:38, 1 August 2014
versions
version: 2.2.25 O.S.: gentoo
This may work for other versions, but the instructions here were only tested with the above version.
problem
need to configure file or directory specific authentication using .htaccess
- note - this is not recommended by apache. Apache recommends configuring auth via the main server config files. However, there are times(such as some hosted scenarios) where you won't have access to those files, and .htaccess is an alternative.
solution
set AllowOverride to All in the config section for your website in the appropriate conf file (i.e. httpd.conf or other depending upon setup) as seen below in bold. This allows Apache to override previous directives with .htaccess files.
<Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory>
reload / restart apache config file. command my vary by distro. on gentoo run...
# /etc/init.d/apache2 restart
Create a file called .htaccess in the directory you want to password-protect with the follwing content:
AuthUserFile /your/path/.htpasswd AuthName "Authorization Required" AuthType Basic require valid-user
instead of valid-user, you can also add the users you want directly
If you want to password protect just a single file in a folder add the following lines to the .htaccess file:
<Files "mypage.html"> Require valid-user </Files>
Then create the file /your/path/.htpasswd which contains the users that are allowed to login and their passwords. We do that with the htpasswd command:
htpasswd -c /path/to/your/.htpasswd user1
The -c flag is used only when you are creating a new file. After the first time, you will omit the -c flag, when you are adding new users to an already-existing password file. Otherwise you will overwrite the file!!
Nevertheless, you should store the file in as secure a location as possible, with whatever minimum permissions on the file so that the web server itself can read the file.
Finally we need to add the following lines to /etc/apache2/apache2.conf:
<Directory /your/path> AllowOverride All </Directory>
You have to adjust /your/path/.htpasswd
Restart your webserver:
sudo /etc/init.d/apache2 restart
snippets taken from EnablingUseOfApacheHtaccessFiles at help.ubuntu.com