Account Links: Cart | Your Account | Logout

Skip to content

Red Hat Knowledgebase

Red Hat Knowledgebase Search:

Updated Within the Last:

New Solutions within the last day New Solutions within the last week New Solutions within the last month

Browse by topics:


Click to View a Topic
Red Hat Enterprise Linux > Web Server > Issue <<  60 of 73 >>

Solution Tools:


Email a Solution Postcard Printer version Submit a comment on this answer Update notifications Request an answer Back

Article Reference

Article ID: 7105
Last update: 11-07-05
Issue:
How do I require authentication on certain directories using the Apache web server?
Resolution:

The Apache web server provides a built-in means to protect any directory in your web server with access restrictions. The passwords are stored in an encrypted file. Keep in mind, however, that unless you set up your site to use Secure Socket Layer (SSL) encryption, usernames and passwords will be passed from the client to the server in clear text. It is therefore highly recommended that if you are restricting access to certain areas of your website that you also use SSL encryption for authenticating users.

For this exercise we will assume that your document root is /var/www/html and that the directory you want to protect is called /var/www/html/private.

First, open the /etc/httpd/conf/httpd.conf file for editing. Find the AllowOverride directive in the <Directory /var/www/html> section. By default it looks like this:

AllowOverride None

Change it to read:

AllowOverride AuthConfig

Restart your webserver:

service httpd restart

Next, we need to create an .htaccess file that tells Apache to require authorization for the /var/www/html/private directory. The .htaccess file goes inside the directory you want to protect and should look like the following example:

# /var/www/html/private/.htaccess
AuthName "Private Directory"
AuthType Basic
AuthUserFile /var/www/.htpasswd
require valid-user

The next step is to create the password file. The file is created using the htpasswd command. The location of the file is indicated in the .htaccess file. Note it is a good idea to keep this file outside of the document root.

htpasswd -c /var/www/.htpasswd username

Where "username" is the name of a user who will have access to the directory. Note that this does not have to be a system user; the htpasswd users only exist for the purpose of authenticating to protected web directories. Note that the -c option is only used when you are first creating the file. Do not use this option when creating subsequent users or it will replace the existing file with a new one.

Point a web browser to http://yourhostname.com/private you should be prompted for a user name and password before you are allowed to view the page.


How well did this entry answer your question?


good wrong incomplete out of date
Red Hat Enterprise Linux > Web Server > Issue <<   60  of  73  >>