Basic HTTP Authentication

To password-protect directories in Apache, shove the appropriate directives straight in the Apache config file (ideal, as you can't accidently delete the .htaccess file) or in a .htaccess file in the directory you want to protect (which will cover all directories below too).

Creating the user file

# to create a new userfile, adding an initial user:
htpasswd -c /usr/local/etc/httpd/users dave
# to add users to an existing file (or change their passwords)
# just leave out the -c flag

Limiting access

<Location /private/>
  AuthName "restricted stuff"
  AuthType Basic
  AuthUserFile /usr/local/apache/conf/users
  require valid-user
</Location>

Using groups

To use groups to give different permissions to different users, change the require valid-user line to require group group1 (you can give more than one group, seperated by spaces), and provide the location for the groups file with AuthUserGroup, for example:

<Location /private/>
  AuthName "restricted stuff"
  AuthType Basic
  AuthUserFile /usr/local/apache/conf/users
  AuthGroupFile /usr/local/apache/conf/groups
  require group staff admin
</Location>

The above will allow access to users in the staff or admin groups.

The group file should list one group per line, with a colon, then a space-seperated list of group members, for example:

admin: dave bob billy bert
staff: michelle john emma
animals: badger

Using .htaccess

If your server is configured to support .htaccess files, you should be able to use the code above, minus the <Location> container.

If your user list file has to be under your document root (best avoided, but sometimes not possible) then give it a name starting with .ht as Apache is configured by default to deny access to any file starting with .ht - for example, name it .htusers and .htgroups if you're using groups).

 
apache/authentication.txt · Last modified: 2010/02/26 10:45 (external edit)
 
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki