• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 200
  • Last Modified:

about htaccess and .htpasswd

One time the 2 files is create, what i need to do? I know i must make some config in httpd.conf but what :/

thank to help me
0
Sabian
Asked:
Sabian
1 Solution
 
thanassisCommented:
For this example, I have a directory on my site called /private which can be brought up in a web browser at http://www.mysite.gr/private/

1. The first thing you need to do is edit the Apache configuration file httpd.conf. On Linux boxes, if you used the RPM installation method, httpd.conf is usually located in the /etc directory. If you compiled and installed it yourself, it is usually in the /usr/local/apache directory. If you can't find it in either of these directories, on the command prompt, type locate httpd.conf. Once you have found the file, open it with your favorite text editor and make the following changes.

Around line 308, you should see something like:
<Directory "/usr/local/apache/htdocs">

You are looking for the diretory or the parent directory where the password protected directory will reside. For this example, I want to let htaccess handle whatever it wants to handle with all the directories. The directory I specified here is also my DocumentRoot. This is not a bad idea to let htaccess handle whatever you need it to in all publically available directories.

Down a few lines and before the next </Directory> you should see something like:
AllowOverride None

Change None to All

2. Now you need to create a file called .htaccess (note the leading "."). Put the following lines of code in it:
AuthType Basic
AuthUserFile /usr/local/apache/htdocs/private/.htpasswd
AuthGroupFile /dev/null
AuthName "Members Area"
<Limit GET>
require valid-user
</Limit>

Substitute /usr/local/apache/htdocs/private/.htpasswd with the full directory path followed by .htpasswd (note the leading ".").

You can change the AuthName value of "Members Area" to whatever you want your users to see whenever they attempt to login.

3. Restart Apache. This can be done from either of the following:
[root@MountainLion apache]# /usr/local/apache/bin/apachectl restart
/usr/local/apache/bin/apachectl restart: httpd restarted

I don't like restarting Apache the above way becuase it doesn't always restart it. I prefer to use:
[root@MountainLion apache]# killall httpd; /usr/local/apache/bin/httpd

4. Your diretory is now going to ask you for a password if you try to access it from the web, but you don't have an account yet. To create an account, you need to run the program htpasswd. This program is located in the same directory as the httpd program. If you can't find it, run locate htpasswd and that will tell you where the binary is. When you find the htpasswd binary, use the following command:
[root@MountainLion apache]# /usr/local/apache/bin/htpasswd -c /usr/local/apache/htdocs/private/.htpasswd YourUsername

It will now ask you to enter your password and enter it again to verify. Once you entered both, you should be able to access the directory.

The -c /usr/local/apache/htdocs/private/.htpasswd section only needs to be run the first time you work with that file. The -c flag creates the file. The full file name /usr/local/apache/htdocs/private/.htpasswd must be EXACTLY the same as you specified in the .htaccess file earlier.

5. To add another user, run:
[root@MountainLion apache]# /usr/local/apache/bin/htpasswd /usr/local/apache/htdocs/private/.htpasswd AnotherUsername

The only difference between this line and the one you ran the first time is the -c flag. You don't need to create the file again, but you do need to specify which file you want to add the user to. So, in short, omit the -c anytime after the first use has been created.

You have successfully set up htaccess password protection on your directory.
0
 
SabianAuthor Commented:
nice how-to thanks a lot
0
 
thanassisCommented:
giving me the points :)
0
[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

 
SabianAuthor Commented:
lol tx again
0
 
TranQuocVietCommented:
Hmm...We dont like such behavior. Everyone expect to have points for his effort
0
 
SabianAuthor Commented:
its because... i pay to ask question... so.
0
 
thanassisCommented:
yeah, all about money!
0
 
SabianAuthor Commented:
anyway :) thank you my htaccess work :P
0
 
SpideyModCommented:
Force Accepted

Sabian,
The points for this question were put into escrow.  You could not have used them for another question anyways.  Please do not withhold points for an expert in the future.  It constitutes an abuse of the membership agreement: http://www.experts-exchange.com/jsp/infoMemberAgreement.jsp 

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now