Friday, March 27, 2009

Restrict Apache with .htpasswd

Setup

Create access file (.htaccess)
Create password files (.htpasswd, .htgroups)
Place the files to corresponding location

Required files

.htaccess
in your DocumentRoot
.htpasswd in the desired path
.htgroups (optional)


Create .htpasswd file

Create
your new own .htpasswd file:
htpasswd -c /home/user/www/.htpasswd my_user_name

Add user to existing .htpasswd:
htpasswd /home/user/www/.htpasswd another_user_name


Create .htaccess in your document root

.htaccess

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /home/user/www/.htpasswd
#
# Allow access only for user 'my_user_name'
Require user my_user_name
#
# Require user which belongs to particular group
AuthGroupFile /home/user/www/.htgroups
Require group GroupName
#
# Require any valid user mentioned in htpasswd
Require valid-user

.htgroups (optional)
GroupName: my_user_name

.htpasswd (just example)
my_user_name:mOF02rW7UXe0w

Sources
src: http://httpd.apache.org/docs/2.0/howto/auth.html
src: http://httpd.apache.org/docs/2.0/programs/htpasswd.html

No comments: