Monday, May 17, 2010

.htaccess setup on apache2

Set Apache Password Protected Directories With .htaccess File

Step # 1: Make sure Apache is configured to use .htaccess file


Options Indexes Includes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
Allow from all


Save the file and restart Apache

# /etc/init.d/apache-perl restart

Step # 2: Create a password file with htpasswd

htpasswd -c password-file username

Create directory outside apache document root, so that only Apache can access password file. The password-file should be placed somewhere not accessible from the web. This is so that people cannot download the password file:

# mkdir -p /home/secure/

Add new user called remote

# htpasswd -c /home/secure/apasswords remote



Now allow apache user www-data to read our password file:
# chown www-data:www-data /home/secure/apasswords
# chmod 0660 /home/secure/apasswords




Create .htaccess file using text editor:
# cd /var/www/
# vi .htaccess

Add following text:

AuthType Basic
AuthName "Restricted Access"
AuthUserFile /home/secure/apasswords
Require user remote

Save file and exit to shell prompt.
Step # 3: Test your configuration

Fire your browser type url http://ip-address/


When prompted for username and password please supply username remote and password.

Troubleshooting

If password is not accepted or if you want to troubleshoot authentication related problems, open and see apache access.log/error.log files:

# tailf -f /var/log/apache2/access.log
# tailf -f /var/log/apache2/error.log

0 comments:

Post a Comment

 
Copyright 2009 Security Monkey. Powered by Blogger Blogger Templates create by Deluxe Templates. Sponsored by: Website Templates | Premium Themes. Distributed by: blog template