Tutorial on .htpasswd and .htaccess with apache(httpd) in Linux
If there is a situation that have to dealt with like a public website but with some secret information.
How can we protect the information ? .
We can use .htpasswd and .htaccess in that time.
How ? Lets see................
Open your terminal and type as
vim /etc/httpd/conf/httpd.conf
and find line no : 334 to 338. This is the area of httpd.conf that dealt with .htaccess
334 # AllowOverride controls what directives may be placed in .htaccess files.
335 # It can be "All", "None", or any combination of the keywords:
336 # Options FileInfo AuthConfig Limit
337 #
338 AllowOverride AuthConfig
Now look at line no 338 , before modifying it will look like
AllowOverride None
You have to modify it to
AllowOverride AuthConfig
Now make sure that if you have some website and VirtualHost configuration of that website is successfully completed.
For my case that website is website1.com and now open your terminal and type as
# vim /var/www/html/website1/protected/.htaccess
Then Write below lines
AuthUserFile /var/www/html/website1/protected/.htpasswd
AuthType basic
AuthName " My Personal Files"
Require valid-user
So what they means , here we go.....
AuthUserFile : This is the path of .htpasswd file. Make sure you are giving proper path. If you give wrong path , it wont allow to login. Dont panic we are admins , we can make it solve by giving proper path.
AuthType : The
AuthName : So AuthName can be anything , its the name get displayed on that password window.
Require : So this is to define to whom we have to allow to access.
For Example :
Require valid-user # means only the valid user who are in .htpasswd file
Require raja raaz # means among the users of .htpasswd file allow only raja and raaz
But
Require valid-user raja is wrong way of usage because if you give so it doesnt make any sense.
I hope that explanation is fine. Now save and close that file and now we are going to create users for it.
# htpasswd -c /var/www/html/website1/protected/.htpasswd raja Password
Location of htpasswd file is completely upto you but .htaccess must be inside of protected directory which intended to be protected.
To add one more user you can use this command
# htpasswd /var/www/html/website1/protected/.htpasswd raaz Password
If you mentioned -c here then it will overwrite old .htpasswd file. So dont mention -c while adding one more user.
Now raja is username and Password is password to access. This will store in /var/www/html/website1/protected/.htpasswd location. After you added user.
You can try. Just try to access website1.com/protected in your browser and it will ask you username and password and only allowed are able to access those content.
Hope it helps.
In case of any queries please let me know.
References:
http://www.colostate.edu/~ric/htpass.html
http://www.anchor.com.au/hosting/support/password_protection_using_htaccess
http://www.seas.upenn.edu/cets/answers/auth-htpasswd.html
http://httpd.apache.org/docs/2.2/howto/auth.html
How can we protect the information ? .
We can use .htpasswd and .htaccess in that time.
How ? Lets see................
Open your terminal and type as
vim /etc/httpd/conf/httpd.conf
and find line no : 334 to 338. This is the area of httpd.conf that dealt with .htaccess
334 # AllowOverride controls what directives may be placed in .htaccess files.
335 # It can be "All", "None", or any combination of the keywords:
336 # Options FileInfo AuthConfig Limit
337 #
338 AllowOverride AuthConfig
Now look at line no 338 , before modifying it will look like
AllowOverride None
You have to modify it to
AllowOverride AuthConfig
Now make sure that if you have some website and VirtualHost configuration of that website is successfully completed.
For my case that website is website1.com and now open your terminal and type as
# vim /var/www/html/website1/protected/.htaccess
Then Write below lines
AuthUserFile /var/www/html/website1/protected/.htpasswd
AuthType basic
AuthName " My Personal Files"
Require valid-user
So what they means , here we go.....
AuthUserFile : This is the path of .htpasswd file. Make sure you are giving proper path. If you give wrong path , it wont allow to login. Dont panic we are admins , we can make it solve by giving proper path.
AuthType : The
AuthType directive selects that method that is used to authenticate the user. The most common method is Basic, and this is the method implemented by mod_auth_basic. It is important to be aware, however, that Basic authentication sends the password from the client to the server unencrypted. This method should therefore not be used for highly sensitive data, unless accompanied by mod_ssl. Apache supports one other authentication method: AuthType Digest. This method is implemented by mod_auth_digest and was intended to be more secure. This is no longer the case and the connection should be encrypted with mod_ssl instead.AuthName : So AuthName can be anything , its the name get displayed on that password window.
Require : So this is to define to whom we have to allow to access.
For Example :
Require valid-user # means only the valid user who are in .htpasswd file
Require raja raaz # means among the users of .htpasswd file allow only raja and raaz
But
Require valid-user raja is wrong way of usage because if you give so it doesnt make any sense.
I hope that explanation is fine. Now save and close that file and now we are going to create users for it.
# htpasswd -c /var/www/html/website1/protected/.htpasswd raja Password
Location of htpasswd file is completely upto you but .htaccess must be inside of protected directory which intended to be protected.
To add one more user you can use this command
# htpasswd /var/www/html/website1/protected/.htpasswd raaz Password
If you mentioned -c here then it will overwrite old .htpasswd file. So dont mention -c while adding one more user.
Now raja is username and Password is password to access. This will store in /var/www/html/website1/protected/.htpasswd location. After you added user.
You can try. Just try to access website1.com/protected in your browser and it will ask you username and password and only allowed are able to access those content.
Hope it helps.
In case of any queries please let me know.
References:
http://www.colostate.edu/~ric/htpass.html
http://www.anchor.com.au/hosting/support/password_protection_using_htaccess
http://www.seas.upenn.edu/cets/answers/auth-htpasswd.html
http://httpd.apache.org/docs/2.2/howto/auth.html
Thank you
Comments
Post a Comment