about htaccess and .htpasswd

Posted on 2003-03-28
Medium Priority
Last Modified: 2010-04-20
One time the 2 files is create, what i need to do? I know i must make some config in httpd.conf but what :/

thank to help me
Question by:Sabian
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Accepted Solution

thanassis earned 2000 total points
ID: 8230146
For this example, I have a directory on my site called /private which can be brought up in a web browser at http://www.mysite.gr/private/

1. The first thing you need to do is edit the Apache configuration file httpd.conf. On Linux boxes, if you used the RPM installation method, httpd.conf is usually located in the /etc directory. If you compiled and installed it yourself, it is usually in the /usr/local/apache directory. If you can't find it in either of these directories, on the command prompt, type locate httpd.conf. Once you have found the file, open it with your favorite text editor and make the following changes.

Around line 308, you should see something like:
<Directory "/usr/local/apache/htdocs">

You are looking for the diretory or the parent directory where the password protected directory will reside. For this example, I want to let htaccess handle whatever it wants to handle with all the directories. The directory I specified here is also my DocumentRoot. This is not a bad idea to let htaccess handle whatever you need it to in all publically available directories.

Down a few lines and before the next </Directory> you should see something like:
AllowOverride None

Change None to All

2. Now you need to create a file called .htaccess (note the leading "."). Put the following lines of code in it:
AuthType Basic
AuthUserFile /usr/local/apache/htdocs/private/.htpasswd
AuthGroupFile /dev/null
AuthName "Members Area"
<Limit GET>
require valid-user

Substitute /usr/local/apache/htdocs/private/.htpasswd with the full directory path followed by .htpasswd (note the leading ".").

You can change the AuthName value of "Members Area" to whatever you want your users to see whenever they attempt to login.

3. Restart Apache. This can be done from either of the following:
[root@MountainLion apache]# /usr/local/apache/bin/apachectl restart
/usr/local/apache/bin/apachectl restart: httpd restarted

I don't like restarting Apache the above way becuase it doesn't always restart it. I prefer to use:
[root@MountainLion apache]# killall httpd; /usr/local/apache/bin/httpd

4. Your diretory is now going to ask you for a password if you try to access it from the web, but you don't have an account yet. To create an account, you need to run the program htpasswd. This program is located in the same directory as the httpd program. If you can't find it, run locate htpasswd and that will tell you where the binary is. When you find the htpasswd binary, use the following command:
[root@MountainLion apache]# /usr/local/apache/bin/htpasswd -c /usr/local/apache/htdocs/private/.htpasswd YourUsername

It will now ask you to enter your password and enter it again to verify. Once you entered both, you should be able to access the directory.

The -c /usr/local/apache/htdocs/private/.htpasswd section only needs to be run the first time you work with that file. The -c flag creates the file. The full file name /usr/local/apache/htdocs/private/.htpasswd must be EXACTLY the same as you specified in the .htaccess file earlier.

5. To add another user, run:
[root@MountainLion apache]# /usr/local/apache/bin/htpasswd /usr/local/apache/htdocs/private/.htpasswd AnotherUsername

The only difference between this line and the one you ran the first time is the -c flag. You don't need to create the file again, but you do need to specify which file you want to add the user to. So, in short, omit the -c anytime after the first use has been created.

You have successfully set up htaccess password protection on your directory.

Author Comment

ID: 8230700
nice how-to thanks a lot

Expert Comment

ID: 8230705
giving me the points :)
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI


Author Comment

ID: 8230750
lol tx again

Expert Comment

ID: 8232865
Hmm...We dont like such behavior. Everyone expect to have points for his effort

Author Comment

ID: 8233791
its because... i pay to ask question... so.

Expert Comment

ID: 8233821
yeah, all about money!

Author Comment

ID: 8233858
anyway :) thank you my htaccess work :P

Expert Comment

ID: 8233860
Force Accepted

The points for this question were put into escrow.  You could not have used them for another question anyways.  Please do not withhold points for an expert in the future.  It constitutes an abuse of the membership agreement: http://www.experts-exchange.com/jsp/infoMemberAgreement.jsp 

Community Support Moderator @Experts Exchange

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Lease-to-own eliminates the expenditure of hardware replacement and allows you to pay off the server over time. Usually, this is much cheaper than leasing servers. Think of lease-to-own as credit without interest.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question