Setting Up htaccess by Joey.
Created on September 19th, 2003.
Last updated on September 19th, 2003.
htaccess can be used in co-ordination with the Apache web server to password protect certain files and directories on your web server.
This document assumes that you have Apache already set up and running correctly. If this is not the case please visit http://www.linuxhelp.ca/guides/apache/ for help with installing and configuring Apache.
For my own sanity I'm going to assume that you followed the Apache Setup Guide on our site and that you have apache installed at /usr/local/apache and your HTML documents are located in /usr/local/apache/htdocs. Now let's say you have a directory called admin in /usr/local/apache/htdocs and you would like to password protect it and give certain users access. The first thing you need to do is open up your httpd.conf file and find the section that looks similar to this:
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
Once you've found the similar lines in your httpd.conf you can add the following section underneath it:
<Directory "/usr/local/apache/htdocs/admin">
AllowOverride AuthConfig
Options Indexes FollowSymLinks Includes
Order allow,deny
Allow from all
</Directory>
Once you've added the new section, save the httpd.conf file and restart apache. You can normally do this by running killall -HUP httpd as root. Now that the admin directory is properly configured for htaccess you'll need to set up the .htaccess and .htpassword files.
Change into the directory you want to protect (for this guide we are using /usr/local/apache/htdocs/admin) and create a file called .htaccess. To do this you can run touch .htaccess in the directory. Now open up the file with a text editor (nano, pico, vi, joe etc) and enter in the following lines:
AuthUserFile /usr/local/apache/htdocs/admin/.htpasswd AuthName "Authorization Required" AuthType Basic require valid-user
The AuthUserFile directive containts the path to the password file
that users will be authenticated against.
AuthName is the message that will appear on the login prompt. The
default is Authorization Required but you can change this to whatever
you like.
AuthType selects the type of user authentication that will be used.
You can leave this as Basic
require let's all the valid users in the .htpasswd file access the
directory.
Once your .htaccess file is set up, save and exit the file. You must now create the .htpasswd file. To do this you can use the htpasswd program that comes Apache. If you followed the Apache Guide, htpasswd should be located in /usr/local/apache/bin. If not you can run updatedb as root and then type locate htpasswd to find it.
To create the initial .htpasswd file you must use the -c flag. As root
run:
htpasswd -c /usr/local/apache/htdocs/admin/.htpasswd username
Don't forget to change the directory .htpasswd will be located in. The
above is set up for securing /usr/local/apache/htdocs/admin. As well
change username to whatever username you want to use to log in. It will
then prompt you for a password. The next time you add a user you can
drop the -c flag since it is only used for the inital creation of the
file.
If you haven't already restarted your Apache web server now is the time
to do so. Once that has been taken care of, open up a web browser and
try to access http://www.yourdomain.com/admin/ and see if it prompts you
for a password. If something goes wrong check the Apache error log file.
Having trouble? Got questions? Require further assistance? If so please feel free to visit our Help Forums and ask the experts!