If you don't want everybody to access your website, you can restrict access to your website or part of it with user/password based authentication. First you should change the Directory directive in the config file of Apache. Open /etc/httpd/conf/httpd.conf and find the Directory directive for which you want to use user/password based authentication, i.e. <directory />, add or change the line starting with AllowOverride:
AllowOverride AuthConfigor:
AllowOverride All
Now restart Apache:
/etc/init.d/httpd restartand create a password file with
htpasswd
/usr/bin/htpasswd -c /etc/httpd/users USERNAME
You will be prompted for a password twice. By default the password will be stored as a MD5 encrypted. A typical passwordfile with the users "john" and "doe" might look like this:
john:ENeOPCunTT5jc doe:BaAn7NRspUrpwMxuUik/
Now we create an
.htaccess file in the directory you want to secure:
AuthName "restrict"Change the rights of the
AuthType Basic AuthUserFile /etc/httpd/users
Require user john doe
.htaccess:
chmod 644 .htaccessIf your password file contains a lot of users and it might be useful to use group based authentication. We need to create a group file. This file should contain the groupname followed by a collon and the usernames separated by spaces. The users must exsist in the password file. Let's create a group file first, for example
/etc/https/groups for the group webusers, john and doe are both members of this group. The file could look like this
webuser: john doeAfter we created this group file we can change the
.htaccess file to:
AuthName "restrict"
AuthType Basic
AuthUserFile /etc/httpd/users
AuthGroupFile /etc/httpd/groups
Require group webuser
Tags:
