Secure WebServer

Password-Protected Directory With .htaccess:

In our previous Chapter WebServer we learnt how to create a webserver and how to access multiple websites on a single IP. Now we will know how to make a site password protected.

Suppose a site is running with Virtualhost:

<VirtualHost *:80>

ServerAdmin root@example.com

DocumentRoot /var/www/pox

ServerName pox.com

ServerAlias www.pox.com

ErrorLog /var/log/pox/example.com-error_log

CustomLog /var/log/pox/example.com-access_log common

</VirtualHost>

Now, we want to access this site only by specific users “user5” and “user6”. For this use following links:

1 Create an .htaccess File in the directory you want to password protect:

# vim /var/www/pox/.htacces

AuthUserFile /var/www/pox/.htpasswd

AuthName "Authorization Required"

AuthType Basic

require valid-user

NOTE: If we want to password protect just a single file in a folder, add the following lines also to the .htaccess file:

<Files "mypage.html">

    Require valid-user

</Files>

2 Create .htpasswd file and add users, whom we want to allow to login

# htpasswd -c /var/www/pox/.htpasswd user5

<<This will allow user user5 to access the directory /var/www/pox.

-c is used only when we are creating a new file. After the first time, we will omit the -c flag. To allow other users to access …pox directory we should use –m flag. >>

# htpasswd -m /var/www/pox/.htpasswd user6

3 Finally we add following lines to configuration file:

# vim /etc/httpd/conf.d/pox.conf

<Directory /var/www/pox>

AllowOverride All

</Directory>

4 Restart service of Webserver

# service httpd restart

# chkconfig httpd on

5 Access your site:

# links www.pox.com

Provide username and password to access http://www.pox.com