Wednesday, 5 August 2009

Adding password security to a website with Apache (without using .htaccess)

To password protect your site, without using a .htaccess file, follow the following instructions:

/usr/local/apache/bin/htpasswd -c /usr/local/apache/conf/htpasswd [username]
This will prompt for a password to be specified.
For each new user required, type in:
/usr/local/apache/bin/htpasswd /usr/local/apache/conf/htpasswd [username]

Edit /usr/local/apache/conf/httpd.conf :
vi /usr/local/apache/conf/httpd.conf

For the directory that needs to be protected (probably the same as the DocumentRoot directory) -

AuthUserFile /usr/local/apache/conf/htpasswd
AuthGroupFile /dev/null
AuthName "Password required"
AuthType Basic
require valid-user

Save httpd.conf and gracefully restart apache:
/usr/local/apache/bin/apachectl graceful

No comments: