General Information
In order to password protect a website, or part of a website, we need to create a .htaccess file and a .htpasswd file. These are the files that Apache reads from to see who is allowed in the site. This guide will show you how to setup a website directory with password protection.
Requirements
- Apache webserver
- Local root access on the box or be able to su to root.
- A SSH client that supports ANSI colors such as puTTy or SecureCRT (if you aren't on the box).
- Your favorite text editor (I like nano).
Configuration
|
# |
nano -w /usr/local/etc/apache/httpd.conf |
You will need to add these three lines. Insert them within your VirtualHost(s) if you use them:
<Directory "/path/to/protected/directory">
AllowOverride AuthConfig
</Directory>
|
Then restart apache:
Now we need to create a password file for the protected directory for user fred
# htpasswd -c /path/to/protected/directory/.htpasswd fred
New password:
Re-type new password:
Adding password for user fred
|
You can additional users by the previous command, but without the -c. Next we have to create the .htaccess file for Apache to read from
# nano /path/to/protected/directory/.htaccess
AuthUserFile /path/to/protected/directory/.htpasswd
AuthName "Login Text"
AuthType Basic
require valid-user
|
That's all there is to it. Now that website directory is password protected.
Author: Jon LaBass
jon at bsdguides dot org
Find this guide useful?
Support the author:
