How to protect and restrict access to a web directory using Apache web server

If you want to use the method described below, your Apache web server should have mod_auth and mod_access enabled.

In the beginning

If you have a directory on your website that you want to restrict access to, an easy, fast and secure solution is to use Apache's authentication functionality.

Step one - passwords file.

First you'll need a file with all users and their encrypted passwords. It looks something like this:

user1:7yefORPzkOGtw
user2:Zwes8W.81oqJ2


Usernames can be up to 255 characters long and cannot contain a colon (:).

You can create this file manually. For password encryption there are many tools available (here's one: http://www.flash.net/cgi-bin/pw.pl). Then you can upload it through FTP.

Another way to create it is to use the htpasswd tool from the Apache distribution.
When you first create this file, here's the command line:

htpasswd -c /home/vank0/.htpasswd vank0

It asks twice for the password, and then user vank0 is added. Now let's add a few more users. Leave out -c here, because it creates the file anew and would erase the users already in it:

htpasswd /home/vank0/.htpasswd pesho
htpasswd /home/vank0/.htpasswd misho
htpasswd /home/vank0/.htpasswd diana
htpasswd /home/vank0/.htpasswd petq

Step two - .htaccess file

You should create an .htaccess file in the directory you want to protect. Let's assume that the document root is /home/vank0/www/, the directory is /home/vank0/www/taino/ and the website URL is vank0.example.com. Here's the content of /home/vank0/www/taino/.htaccess:

AuthType Basic
AuthName "Secret directory"
AuthUserFile /home/vank0/.htpasswd
Require valid-user


This way the directory http://vank0.example.com/taino/ is accessible to every user in /home/vank0/.htpasswd.

Just one user

If you want to make the directory /home/vank0/www/po-taino/ accessible only to user vank0, you should create /home/vank0/www/po-taino/.htaccess with this content:

AuthType Basic
AuthName "Secret directory of vank0"
AuthUserFile /home/vank0/.htpasswd
Require user vank0

Some users

A directory can be made accessible to only a few of the users in the password file. For example, only pesho and misho should see /home/vank0/www/pesho-misho/. We need another file containing user groups, in which only one group is defined. The file is /home/vank0/.htgroups, with a single row:

grupata: misho pesho

Then you should create /home/vank0/www/pesho-misho/.htaccess with this content:

AuthType Basic
AuthName "Secret directory of grupata"
AuthUserFile /home/vank0/.htpasswd
AuthGroupFile /home/vank0/.htgroups
Require group grupata
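
As an added example (not part of the original article and not Apache's own code), this Python code parses the three files described above, works out which users a directory's Require lines actually admit, and names each password hash format. The function names are hypothetical, treating several Require lines as alternatives is an assumption, and the sample data is constructed from the names and sample hashes used on this page.

```python
def parse_htpasswd(text):
    """Return {user: hash} from 'user:hash' lines."""
    users = {}
    for line in text.splitlines():
        user, sep, pw_hash = line.strip().partition(":")
        if sep and user and not user.startswith("#"):
            users[user] = pw_hash
    return users

def parse_htgroups(text):
    """Return {group: set(members)} from 'group: user1 user2' lines."""
    groups = {}
    for line in text.splitlines():
        name, sep, members = line.partition(":")
        if sep and name.strip():
            groups.setdefault(name.strip(), set()).update(members.split())
    return groups

def hash_scheme(pw_hash):
    """Name the password hash format from its prefix or length."""
    if pw_hash.startswith("$2y$"):
        return "bcrypt"
    if pw_hash.startswith("$apr1$"):
        return "apr1-md5"
    if pw_hash.startswith("{SHA}"):
        return "sha1"
    return "crypt-des" if len(pw_hash) == 13 else "unknown"

def allowed_users(htaccess, users, groups):
    """Users who satisfy the Require lines and also have a password entry."""
    allowed = set()
    for line in htaccess.splitlines():
        words = line.split()
        if len(words) < 2 or words[0].lower() != "require":
            continue
        kind, args = words[1].lower(), words[2:]
        if kind == "valid-user":
            allowed |= set(users)
        elif kind == "user":
            allowed |= set(args)
        elif kind == "group":  # assumption: any listed group is enough
            for group in args:
                allowed |= groups.get(group, set())
    return allowed & set(users)

if __name__ == "__main__":
    # Constructed sample data; "ivan" is in the group but has no password.
    users = parse_htpasswd("misho:7yefORPzkOGtw\npesho:Zwes8W.81oqJ2\n")
    groups = parse_htgroups("grupata: misho pesho ivan\n")
    print(sorted(allowed_users("Require group grupata", users, groups)))
    print({u: hash_scheme(h) for u, h in users.items()})
```

The 13-character hashes shown in step one are the traditional crypt() format, which uses only the first 8 characters of the password; htpasswd -B writes bcrypt hashes instead.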



 


This page was last modified on 2024-04-17 08:10:41