Password Protection with Apache
Let's say you want this situation:
||My default page, world-readable|
You need a "password file" in a place where Apache
can read it but will not serve it up to web clients.
That means it must not be under
Your home directory should work.
Here I create a new password file
as I add a user named
% htpasswd -c ~/.web-password fred Adding password for fred. New password: ****** Re-type new password: ****** % ls -l ~/.web-password -rw-r--r-- 1 cromwell cromwell 19 Jan 29 14:58 /home/cromwell/.web-password
Note that you do NOT see the literal "******" above.
I added that to indicate where I typed
the rather bad password
Now, similar to
/etc/shadow, the password
file does NOT contain the password,
but the hash of the password:
% cat ~/.web-password fred:ds8BPFUd2MZDw
Now I just need to do the following in order to
password-protect my directory
% cd ~/public-web/private % cat > .htaccess AuthType Basic AuthName "Restricted Files" AuthUserFile /home/rvl4/b/cromwell/.web-password Require user fred ^D
That's it for the basic stuff! For far more, like adding more users, making groups of users, allowing or disallowing access from specific IP address blocks or domains, etc see the full Apache documentation.Linux and