24 Jun 2009, 12:49pm
Programming:
by

2 comments

Protect a Directory with Apache, .htaccess and httpasswd

Apache comes with a command line utility called “htpasswd”. This utility will generate a username and password that you can use to authenticate against using a .htaccess file. Just run the utility like so:

  htpasswd -c /path/to/your/password/directory/and-your-password-filename jane_doe_username

This will prompt you for a password/confirm password.

Keep in mind that this will not create a user on the system. It will just create a password and associate it with a string, that is the username you’ll use to authenticate in your request.

Then you’ll need to add a .htaccess file in the directory that you want to protect, and in that file place the following code.

AuthType Basic
AuthName "Restricted Directory"
AuthUserFile /path/to/your/password/directory/and-your-password-filename
Require user jane_doe_username

Remember that the /path/to/your/password/directory will need to be owned by Apache. on Ubuntu, it’s by default the www-data user. Change ownership like so:

 chown -R www-data:www-data directory
  • admin

    typo alert… i wrote “httpasswd” when it should be “htpasswd”. the httpasswd won’t work because the command doesn’t exist. the post above contains the corrected copy!

  • http://seanbehan.com sean

    Also,

    You need to change in apache config

    Allow override from None to All

    #
    vim /etc/apache2/sites-available/default

    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all

 
  
 

Recent Posts

Linkroll