How do I create a secure directory in my document root?

Feb 8th, 2000 20:55
Ben Munoz, Matt Gregory, http://bignosebird.com/passwd.shtml


BASIC AUTHENTICATION (not for critical applications):
Directory access for a folder (directory) in Apache is controlled by 
two files: .htaccess and .htpasswd
The .htaccess file is created by you, the user, on the webserver.  It 
contains the access permissions for the directory in which it resides.
This is the information the .htaccess file should contain:
AuthUserFile /usr/<path to password file>.htpasswd
AuthGroupFile /dev/null
AuthName "The Secret Page"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
AuthUserFile should not be under the document tree, or else others 
could download it.
AuthName is the caption shown in the password request dialogue.
Limit names the HTTP methods the restriction applies to: you can limit 
everything, just form submittal, or nothing.  Methods not listed in 
<Limit> are left unrestricted.
The second step is to create the .htpasswd file.  It is usually best 
to create this file in the directory you wish to secure, unless you 
wish to keep all passwords in a specific location (not generally a good 
idea since anyone with a password can access any directory).
Run the command:
htpasswd -c .htpasswd user_name
(where user_name is the username the person attempting access should 
use)
You will be prompted for the password.  Once it is confirmed, that user 
will be added as a valid user for that directory.  You can add as many 
as you like.  To add further users, run the command again without -c, 
since -c creates the file anew and overwrites an existing one.
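
An added example, not part of the original entry: a Python check that reads an .htaccess file and reports the two problems noted above, an AuthUserFile that sits inside the document tree and a require that <Limit> applies to only some methods. The function name audit_htaccess, the document root and both sample files are constructed for illustration.

```python
import posixpath
import re

def audit_htaccess(text, docroot):
    """Return a list of findings for the contents of one .htaccess file."""
    findings = []
    docroot = posixpath.normpath(docroot)
    limited_to = None  # methods named by the enclosing <Limit>, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opening = re.match(r"<Limit\s+([^>]+)>$", line, re.IGNORECASE)
        if opening:
            limited_to = opening.group(1).upper().split()
            continue
        if line.lower() == "</limit>":
            limited_to = None
            continue
        parts = line.split(None, 1)
        directive = parts[0].lower()
        arg = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if directive == "authuserfile":
            path = posixpath.normpath(arg)  # collapses ../ before comparing
            if not posixpath.isabs(path):
                findings.append("AuthUserFile is relative (resolved against ServerRoot): check it by hand")
            elif path == docroot or path.startswith(docroot + "/"):
                findings.append("AuthUserFile %s is inside the document root %s" % (path, docroot))
        elif directive == "require" and limited_to is not None:
            findings.append("require applies only to %s; other methods are not restricted" % " ".join(limited_to))
    return findings

# Constructed samples: the document root and both file paths are assumptions.
DOCROOT = "/var/www/html"
WEAK = """AuthUserFile /var/www/html/secret/.htpasswd
AuthName "The Secret Page"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
"""
HARDENED = """AuthUserFile /etc/apache2/passwords/.htpasswd
AuthName "The Secret Page"
AuthType Basic
require valid-user
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_htaccess(sample, DOCROOT))
```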