|
Register | Downloads | Forum Rules | FAQ | Members List | Social Groups | Calendar | Search | Today's Posts | Mark Forums Read |
|
Thread Tools | Search this Thread |
#1
|
|||||||
PasswordBasicAuth
Password protect a directory using basic authentication
In this How-To guide, we will show you how to set up a password protected directory using basic authentication. The first section focuses on Apache httpd 2.2, and the new directives for 2.4 will be covered in the last part of this document. Authentication directives in Apache httpd can be used in the following contexts - directory and htaccess. For directory context this means in <Directory>, <Location>, and <Files> blocks in your httpd.conf or your distro's main Apache config file or virtual host config file. Additionally, for Apache httpd 2.2, <Proxy> blocks are also included in the directory context. The htaccess context is self explanatory. This means you can use authentication directives in .htaccess files. In this tutorial, we will show recipes for both contexts. The first thing we need to do in this example is to create a directory to protect in our document root. Let's say our document root is /var/www/html. We'll create a directory called protected in the document root - /var/www/html/protected. The next thing to do is to create a password file with users. We will use the htpasswd utility provided in the core Apache package. The password file can be stored anywhere on your hard drive. In our example we will create our htpasswd file in /etc/htpasswd. Note that the location of the htpasswd file can be anywhere you want on your local drive. You just need to specify the full path to the htpasswd file with the AuthUserFile directive. Choose whatever you deem to be a sane location for your password files. Quote:
This is the recipe to use for setting up a password protected directory in the directory context: Quote:
AuthType tells Apache what type of authentication to use. In our case, basic authentication. AuthName is what will be displayed on the password prompt from the browser. AuthUserFile is the location of your htpasswd file. Require tells Apache which authenticated users will be granted access to a resource. In our case, any authenticated user will be granted access. The following below is the recipe to use for setting up a password protected directory in the htaccess context: First we will create a .htaccess file in our protected directory, /var/www/html/protected and set the contents of the file to be: Quote:
Quote:
Remember to restart Apache after making any changes to httpd.conf or your distro's main Apache config file or your virtual host config file. Using either recipe, you can now go to http://localhost/protected and be prompted by the browser to enter your credentials. If you enter correct credentials you will be granted access to protected. If you don't enter correct credentials, you will be continually prompted to enter credentials until you enter correct credentials or click the Cancel button. For Apache httpd 2.4, the authorization mechanism has been revamped. Here is a sample of a configuration that uses basic HTTP auth for the entire DocumentRoot, and allows public, non-restricted access for a specific directory: Assuming a DocumentRoot value of "/srv/httpd/htdocs", Quote:
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
Thread Tools | Search this Thread |
|
|