Mochabomb

Web Design and Technical notes


Apache - htaccess password protected directories

November 5th, 2005 12:20 am

##### Background
Two files are needed to password protect directories in Apache: a `.htaccess` file and a password file.

This is a rudimentary solution: a simple and effective security measure to password protect one or more portions of a site.

This tutorial is written for Windows users; however, this method and format will work on any system where Apache is installed. Unless the login and password authentication is running over SSL or TLS, your login, password, and any other information is sent as plain text. Any network sniffer can capture this information, and it is especially easy over wireless with no security or using WEP. You have been warned.

##### Setup
* `.htaccess` - gives Apache directives that apply to a directory. Here it tells Apache to authenticate users against a specific password file. The `.htaccess` file goes in the directory you want to protect. You can place copies of it anywhere you want login/password security, as long as an absolute path for the password file is used. Any directive value that has spaces must be enclosed in "quotes like this", as is done below for `AuthName` and `AuthUserFile`.

* `password.file` - the file with the users and their hashed passwords

##### Usage
The file `.htaccess` needs to be created at the command line in Windows. Windows Explorer will say `.htaccess` is not a valid file name. Once the file exists, Notepad, WordPad, or a similar editor can be used to edit it. Its contents are:

```apache
AuthType Basic
AuthName "Directory Access"
AuthUserFile "C:\Program Files\Apache Group\Apache2\etc\passwd.txt"
require valid-user
```

* `passwd.txt` file: This file can be called anything; I used `passwd.txt`.
* `htpasswd.exe` added block characters to the file; I removed them using a text editor. The "/" will work in Windows for directories. `htpasswd` runs at the command line.

```
C:\APACHE\BIN>htpasswd -c ../etc/passwd.txt bert
Automatically using MD5 format.
New password: mypassword
Re-type new password: mypassword
Adding password for user bert

C:\APACHE\BIN>htpasswd ../etc/passwd.txt ernie
Automatically using MD5 format.
New password: hispasswd
Re-type new password: hispasswd
Adding password for user ernie
```

Uncomment the `LoadModule` line for `rewrite_module` in `httpd.conf` so that it reads as below:

```apache
LoadModule rewrite_module modules/mod_rewrite.so
```

Put the `.htaccess` file in the directory(ies) to be secured and you are set.
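
The checks described above (values with spaces must be quoted, the password file path must be absolute, and credentials are unencrypted without SSL/TLS) can be run automatically before the file is deployed. The following is an added example, not code from the original post: `parse` and `lint` are hypothetical helper names, the `BROKEN` and `HARDENED` samples are constructed, and `SSLRequireSSL` is a mod_ssl directive the post itself does not use.

```python
import ntpath
import posixpath
import re

TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # one quoted string or one bare word

# The .htaccess from this page, verbatim.
PAGE = r'''AuthType Basic
AuthName "Directory Access"
AuthUserFile "C:\Program Files\Apache Group\Apache2\etc\passwd.txt"
require valid-user'''
# Constructed variants: one with the mistakes the page warns about, one TLS-only.
BROKEN = "AuthType Basic\nAuthName Directory Access\nAuthUserFile ../etc/passwd.txt\nRequire valid-user"
HARDENED = "SSLRequireSSL\n" + PAGE

def parse(text):
    """Map each directive name (lowercased) to its list of arguments."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            words = [quoted or bare for quoted, bare in TOKEN.findall(line)]
            directives[words[0].lower()] = words[1:]
    return directives

def lint(text):
    """Return a list of findings; an empty list means no issue was detected."""
    d, findings = parse(text), []
    for name in ("authtype", "authname", "authuserfile", "require"):
        if name not in d:
            findings.append(f"{name}: directive is missing")
    for name in ("authname", "authuserfile"):
        if len(d.get(name, [])) > 1:  # unquoted spaces split the value in pieces
            findings.append(f"{name}: value has spaces but is not quoted")
    path = " ".join(d.get("authuserfile", []))
    if path and not (ntpath.isabs(path) or posixpath.isabs(path)):
        findings.append("authuserfile: path is not absolute")
    basic = (d.get("authtype") or [""])[0].lower() == "basic"
    if basic and "sslrequiressl" not in d:
        findings.append("no SSLRequireSSL: credentials are unencrypted over plain HTTP")
    return findings

if __name__ == "__main__":
    for label, sample in (("page", PAGE), ("broken", BROKEN), ("hardened", HARDENED)):
        print(label, lint(sample))
```

The page's own file passes the quoting and path checks and is flagged only for the missing TLS requirement; a server that serves the directory exclusively over HTTPS is already covered without the directive.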

Tags: Apache
