Using .htaccess files with Apache

Outside of your web directory (best in /home/httpd/ ) you need to create the file(s) (you can have more than one) that contain the user names and passwords.

Step 1:

This can be done thus: htpasswd /home/httpd/.sysinfo admin

Note the dot (.) in front of .sysinfo !!!! (that's a hidden file in Unix)

This creates a password file with the username of admin (you'll be prompted for a password too).

Below are the options for htpasswd (if it's the first time you're creating a file, you'll need to run it with the -c (Create new file) option.

root@ftp ~# htpasswd

Usage:

htpasswd [-cmdps] passwordfile username
htpasswd -b[cmdps] passwordfile username password
htpasswd -n[mdps] username
htpasswd -nb[mdps] username password

Options:

-c Create a new file.
-n Don't update file; display results on stdout.
-m Force MD5 encryption of the password.
-d Force CRYPT encryption of the password (default).
-p Do not encrypt the password (plaintext).
-s Force SHA encryption of the password.
-b Use the password from the command line rather than prompting for it.

On Windows, TPF and NetWare systems the '-m' flag is used by default.

On all other systems, the '-p' flag will probably not work.

root@ftp ~#

Step 2:

In the directory you wish to protect, you need to create a file called .htaccess Again, note the dot (.) in front of it.

This file needs to have the following content:

AuthUserFile /home/httpd/.sysinfo
AuthGroupFile /dev/null
AuthName "System Information"
AuthType Basic
require valid-user

If you read it carefully, it's self explanatory.

Step 3:
Finally, you need to edit /home/httpd/conf/httpd.conf and look for the following string;

AllowOverride

It'll probably be set to Limit.
It needs to be changed to:

AllowOverride AuthConfig

Restart the web server..

/etc/init.d/httpd restart

or

apachectl graceful

Tags: Apache , Linux

Return to home page: Home