go to  ForumEasy.com   
JavaPro
Home » Archive » Message


[Email To Friend][View in Live Context][prev topic « prev post | next post » next topic]
  Protect Apache web resources with .htaccess & .htpasswd
 
Subject: Protect Apache web resources with .htaccess & .htpasswd
Author: AwsEC2
In response to: How to protect Apache web resources
Posted on: 09/11/2012 07:33:06 PM

.htaccess

The .htaccess file is ACLs in simple text file placed in the directory you want the contents of the file to affect. The rules in the .htaccess file will be enforced on whatever directory it is in and all sub-directories as well, as in SubEntry ACLs

Sample .htaccess file for most cases:

$ cat /home/ec2-user/example2.com/.htaccess

AuthType basic
AuthName "Ooops! Protected Resource ..."
AuthUserFile /home/ec2-user/example2.com/.htpasswd
Require valid-user 


Sample .htaccess file for a more complicated case:
$ cat /home/ec2-user/example2.com/.htaccess

## ACCESS INSTRUCTION LIST ###
AuthType basic
AuthName "Ooops! Temporarily Under Construction ..."
AuthUserFile /home/ec2-user/example2.com/.htpasswd
AuthUserFile /home/ec2-user/example2.com/.htpasswd  # multiple location
AuthGroupFile /dev/null      # optional
Require John                 # password prompt for John
Require valid-user           # password prompt for everyone else from AuthUserFile
Order Deny,Allow
Deny from all
Allow from 192.168.64.5      # Your, the developers IP address
Allow from w3.org            # css/xhtml check jigsaw.w3.org/css-validator/
Allow from googlebot.com     # Allows google to crawl your pages
Satisfy Any                  # no password required if host/ip is Allowed



.htpasswd

The .htpasswd file is the second part of the affair. The .htpasswd file is also a simple text file which contains username/password pairs. The password will be stored in encrypted form and the username will be in plaintext.

Format:
<username>:<encrypted_password>


Sample .htpasswd file:
john:a5MfE987hgwbg
Lauren:98qiJH6hjkp4K


Troubleshooting:
  • The username in .htpasswd is case-sensitive. John and john are two different users.
  • Make sure the permissions on the .htaccess and .htpasswd files are set so that Apache can read them.
    chmod 0644 .htaccess
    chmod 0644 .htpasswd
    

  • .htaccess files can be completely ignored by Apache if the administrators opt it with an AllowOverride None directive. In other words, .htaccess files work only if your web administrators allow the following settings:
    AllowOverride AuthConfig
    

    or
    AllowOverride All
    


     

    > On 09/11/2012 06:44:45 PM AwsEC2 wrote:

    Protecting resource on the web is something that most admin will have to do at one point or another. Whether the content is personal or under construction, there comes a time when that content must only be accessed by authorized users. The Apache web server allows two ways to achieve this purpose:
  • One way is placing the access rules in an external file (.htaccess) which resides directly inside the protected directory.
  • The other way is placing the access rules inside directory dicretives of configuration file httpd.conf or conf.d/*.conf





    References:

  •  


     
    Powered by ForumEasy © 2002-2022, All Rights Reserved. | Privacy Policy | Terms of Use
     
    Get your own forum today. It's easy and free.