//
you're reading...
Linux, linux security, linux server

Howto, Apache .htaccess Password protected directories !


https://i1.wp.com/www.videobourse.fr/images/cadna.pngStep # 1: Make sure Apache is configured to use .htaccess file

You need to have AllowOverride AuthConfig directive in httpd.conf file in order for these directives to have any effect.Therefore, my entry in httpd.conf looks like as follows:

<Directory /var/www>
Options None
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

Save the file and restart Apache
If you are using Red Hat /Fedora Linux:

# service httpd restart

Step # 2: Create a password file with htpasswd

htpasswd command is used to create and update the flat-files (text file) used to store usernames and password for basic authentication of Apache users

htpasswd -c password-file username

where -c means create the password-file

Create directory outside apache document root, so that only Apache can access password file.

# mkdir -p /home/secure/

Add new user called hasnain

# htpasswd -c /home/secure/apasswords hasnain

Make sure /home/secure/apasswords file is readable by Apache web server.

If you are using RedHat and Fedora core, type the following commands :
# grep -e ‘^User’ /etc/httpd/conf/httpd.conf

Output:

apache

Now allow apache user apache to read our password file:
# chown apache:apache /home/secure/apasswords
# chmod 0660 /home/secure/apasswords

Now our user hasnain is added but you need to configure the Apache web server to request a password and tell the server which users are allowed access.

Create a directory /var/www/docs if it does not exist:
# mkdir -p /var/www/docs

Create .htaccess file using text editor:
# cd /var/www/docs
# vi .htaccess

Add following text:

AuthType Basic
AuthName “Restricted Access”
AuthUserFile /home/secure/apasswords
Require user hasnain

Step # 3: Test your configuration

Fire your browser type url http://yourdomain.com/docs/ or http://localhost/docs/ or http://ip-address/docs

Advertisements

About abdessemed mohamed amine

DZ-SECURITY

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Facebook

August 2009
S M T W T F S
« Jul   Sep »
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

Twitter

Error: Twitter did not respond. Please wait a few minutes and refresh this page.

  • 364,518 Visit !
%d bloggers like this: