Setting Apache Passwords
August 7, 2007 – 4:25 pmPassword Protecting a file or directory in Apache
************************************************************************
changes to the httpd.conf file:
——————————-
Default: This disables the processing of .htaccess files for the system.
AllowOverride None
or for a specified directory:
AllowOverride None
Change to and/or specify directory to protect:
AllowOverride All
OR
AllowOverride AuthConfig
——————————-
(AllowOverride parameters: AuthConfig FileInfo Indexes Limits Options)
Example httpd.conf entry for a password protected file:
——————————————————-
AuthType Basic
AuthName “Restricted File”
AuthUserFile /usr/local/apache2/conf/.htpasswd
Require valid-user
Options Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
Allow from all
Example httpd.conf entry for a password protected directory:
————————————————————
AuthType Basic
AuthName “Restricted Directory”
AuthUserFile /usr/local/apache2/conf/.htpasswd
Require valid-user
Options Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
Allow from all
————————————————————-
touch .htpasswd (or .htaccess, or whatever you call it. It doesn’t matter)
if it does not already exist in the directory that you specified in the
httpd.conf entry.
NOTE: If you want to store the password file in a web directory make sure
you deny access to it by specifying the following in your httpd.conf file:
Order allow,deny
Deny from all
This will deny access to files starting with ‘.ht’, so make sure you prefix
your password file with ‘.ht’.
————————————————————-
Adding a user:
————–
../apache2/bin/htpasswd
—————-delete the entry in .htpasswd or (.htaccess)