Learn how to a build a cloud-first strategyRegister Now


password protect specific file in Centos 5.4 apache

Posted on 2012-09-15
Medium Priority
Last Modified: 2012-09-18

I have a job interview coming up and the person interviewing me said he would like me to gain experience with apache.  He said I will need to troubleshoot apache at the interview and one of the things I need to know is how to password protect a file.  This is CentOS 5.4 Apache.

I was successful in password protecting a directory with htpasswd and htaccess but I am unable to do a specific file.  I googled for a procedure and what I found didnt work.  My understanding is it is all about what you put in htaccess.

Someone told me they dont even think its possible to only password protect a single file in Linux.  Is that true?   Is it possible the person interviewing me misspoke and meant to say "directory"?

If someone can open up my understanding to this and help me go into the interview with confidence on this subject, it would be greatly appreciated.

Question by:anthtaddeo
  • 7
  • 3
LVL 58

Expert Comment

ID: 38402554
LVL 81

Accepted Solution

arnold earned 2000 total points
ID: 38402570
The .htaccess is the way to go and limit access to just one file, by specifying the files to which .htpasswd applies in the absence of a specification, the restriction applies to the entire directory where the .htaccess and any subdirectory.

The most important thing actually is not the .htaccess file but the httpd.conf which you must look at to confirm whether .htaccess directives are permitted.
AllowOverride none
No matter what you put in .htaccess it will not be processed.

Author Comment

ID: 38402594
Thanks for the comments.  I've been working on it but so far no success.  I'm done for the night and will take another crack at it in the coming days.
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.


Author Comment

ID: 38404277
Still unsuccessful. Also, I attempted to copy and past the info from my Centos virtual machine to this comment section so you guys can see what I may be doing wrong but was unable to.
LVL 81

Expert Comment

ID: 38404390
in /etc/httpd/conf/httpd.conf
AllowOverride (ALL)?

permissions on .htaccess must be 644

post what you have in your .htaccess? to you reference a .htpasswd file and does it have 644 permissions?  Is .htpasswd in a location that appache can access?
Do you use SELinux? check /var/log/audit/audit.log to see whether SELinux is blocking access
ls -lZ .htaccess /path/to/.htpasswd

Author Comment

ID: 38406409

First thank you for the assistance. This is totally new to me.  Something that I'm sure is so easy is taking me hours to figure out.  I dont know what I'm doing haha.

Heres the scoop.

my .htpasswd file is in the /var directory.  Its as close to my .htaccess as possible but not in public /www for security. Within this file is an entry for webuser.

my .htaccess is in /var/www/html.  This is in the same directory as index.html which I am attempting to password protect as a test.  The reason I chose index.html file to password protect is because I am testing 2 things in one.  To get the user to have to put in a password when going to this website.  Also, if they attempt to vi the file.  

The contents of .htaccess are as follows.

AuthName "Test Authentication"
Authtype Basic
<Files index.html>
Requre user webuser

In regards to the httpd.conf I do the following search --->  /.htaccess.  On that section I have the following

Allowoverride All "this is uncommented"

#Controls who can get stuff from this server

Order allow.deny
Allow from all

I checked the audit.log and there was an endless amount of info which I am unfamiliar with. I did searches /htaccess, /htpasswd, and /SElinux "which is unfamiliar to me, and nothing came up.

Permissions for .htaccess and .htpasswd are 644 "rw-r-r"

Hope this helps
LVL 81

Expert Comment

ID: 38407726
Your .htaccess is missing the path to where .htpasswd can be found.

Please look at http://webdesign.about.com/od/htaccess/ht/password_1_file.htm
This is where the example for .htaccess is

AuthUserFile /path/to/htpasswd/file/.htpasswd

AuthName "Name of Page"

AuthType Basic

<Files "mypage.html">

  require valid-user


Yours is missing the authuserfile reference.
Presumably you used htpasswd -c to create the .htpaswd file with the username you need webuser.

Author Comment

ID: 38408098
Ah man, I did have that path in there before.  Even though  I couldnt copy and paste this, I still typed what I saw on the screen so it may very well be missing.  I know to have that there though and am not sure what happened if that is the case. It was there earlier.  I'm at work now so I cant verify at the moment.  Tomorrow, I will definately check and update.

Also, I will check out that link.  Thank you!!!!

Author Comment

ID: 38410424
attempting to remove recent comment because I thought I may have had it fixed but see it is not the case.  Currently working on it.

Author Comment

ID: 38410576
hi Arnold,

The AuthUserFile  was in .htaccess.  It was in there as AuthUserFile /var/.htpasswd  

I must have just forgot to type that in this ticket.  If you think I did this correctly but maybe there is just something out of the ordinary causing this not to work, I am ok with just closing this ticket because I just created a larger problem that I dont have time to fix right now.

I redid everything from scratch and now I cant access the page at all with even root.  I'm not sure how this could happen by just deleting and recreating .htpasswd and .htaccess.

My primary concern at the moment is that I just understand how this process works.  So if you think what I did normally would work, I'll just close this out and figure things out later

Author Closing Comment

ID: 38412318
Even though I still havnt resolved my issue, Arnold was a big help and did thoroughly provide the answer I was looking for.  I just have something goofy on my end I need to figure out.  I'm sure as I keep looking at it, I will figure out my problem.

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Fine Tune your automatic Updates for Ubuntu / Debian
Often times it's very very easy to extend a volume on a Linux instance in AWS, but impossible to shrink it. I wanted to contribute to the experts-exchange community a way of providing a procedure that works on an AWS instance. It can also be used on…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses
Course of the Month20 days, 14 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question