Tuesday, July 8, 2008

Apache , how to password protect your site

You can limit access to your websites to authorised users with passwords, these credentials can be different and independent of the regular users of your web server.

edit your /etc/httpd/conf/httpd.conf file and add the following stanza
were the first line is the path of the directory you want to protect

AuthName "any Text in here you want to be displayed"
AuthUserFile /etc/httpd/webpass
Require valid-user
< /Directory >

once you have edited the file you will need to restart or reload the httpd daemon do this by typing
/etc/init.d/httpd reload
next type the following
htpasswd -c /etc/httpd/webpass username
were username is the username you want to allow access to the site
you will be prompted for a password for the username you entered and the information will be saved into the /etc/httpd/webpass file in an encrypted format, so even if someone reads that file they will not be able to make out what the password is.
If you want to add more authorised users to the file simply use the same command but without the -c option
-c was to create the original file , since it has now been created you just want to add users so you don't use the -c
eg htpasswd /etc/httpd/webpass username2when you access the site you will be prompted for a user name and password.

No comments: