jump to navigation

Howto: Apache .htaccess Password protected directories February 11, 2009

Posted by hasnain110 in Linux.

Step # 1: Make sure Apache is configured to use .htaccess file

You need to have AllowOverride AuthConfig directive in httpd.conf file in order for these directives to have any effect.Therefore, my entry in httpd.conf looks like as follows:

<Directory /var/www>
Options None
AllowOverride AuthConfig
Order allow,deny
Allow from all

Save the file and restart Apache
If you are using Red Hat /Fedora Linux:

# service httpd restart

Step # 2: Create a password file with htpasswd

htpasswd command is used to create and update the flat-files (text file) used to store usernames and password for basic authentication of Apache users

htpasswd -c password-file username

where -c means create the password-file

Create directory outside apache document root, so that only Apache can access password file.

# mkdir -p /home/secure/

Add new user called hasnain

# htpasswd -c /home/secure/apasswords hasnain

Make sure /home/secure/apasswords file is readable by Apache web server.

If you are using RedHat and Fedora core, type the following commands :
# grep -e ‘^User’ /etc/httpd/conf/httpd.conf



Now allow apache user apache to read our password file:
# chown apache:apache /home/secure/apasswords
# chmod 0660 /home/secure/apasswords

Now our user hasnain is added but you need to configure the Apache web server to request a password and tell the server which users are allowed access.

Create a directory /var/www/docs if it does not exist:
# mkdir -p /var/www/docs

Create .htaccess file using text editor:
# cd /var/www/docs
# vi .htaccess

Add following text:

AuthType Basic
AuthName “Restricted Access”
AuthUserFile /home/secure/apasswords
Require user hasnain

Step # 3: Test your configuration

Fire your browser type url http://yourdomain.com/docs/ or http://localhost/docs/ or http://ip-address/docs



No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: