Geek Answers Handbook

Password protection of the directory and all its subfolders using .htaccess

I am trying to password protect a subdomain and all its subdirectories and files, but my knowledge on this issue is very limited, how can I do this?

+12
password-protection .htaccess
source share
6 answers

This is a simple two-step process.

In your .htaccess put

AuthType Basic AuthName "restricted area" AuthUserFile /path/to/the/directory/you/are/protecting/.htpasswd require valid-user

use http://www.htaccesstools.com/htpasswd-generator/ or the command line to generate a password and put it in .htpasswd

Note 1: If you are using cPanel, you must configure "Password Protection Folders" in the security section

EDIT: If this did not work, then you need to do AllowOverride All in the .htaccess directory (or at least until the previous ones) in http.conf followed by apache reload

 <Directory /path/to/the/directory/of/htaccess> Options Indexes FollowSymLinks MultiViews AllowOverride All </Directory>
+20
source share

To password protect the directory served by Apache, you need the .htaccess file in the directory that you want to protect and the .htpasswd file, which can be located anywhere on your system that the Apache user can access (but put it somewhere wisely and privately). Most likely you do not want to put .htpasswd in the same folder as .htaccess .

The .htaccess file may already exist. If not, create it. Then insert:

 AuthType Basic AuthName "Your authorization required message." AuthUserFile /path/to/.htpasswd require valid-user

Then create the .htpasswd file using any username and password. Password must be encrypted. If you are running on a Linux server, you can use the htpasswd command , which will encrypt the password for you. Here is how this command can be used for this:

htpasswd -b/path/to/password/file username password

+8
source share

You might want to use the mod_auth_digest module. Apache provided a very good guide for using the full range of authentication and authorization modules.

+1
source share

You need to generate a password (username + password) for authentication, write it to a file, and put it in the subdirectory that you want to restrict access to.

The line looks like this:

 username:hashkey
  • You can use an HTTP password generator for this.
  • Copy and paste the line received from the above site into a new file (.htpasswd) anywhere outside your site’s website (it’s better to keep it somewhere inside the user's home directory).
  • Add the following lines to your .htaccess file.
 AuthType Basic AuthName "Require Authentication" AuthUserFile [PATH_TO_FILE]/.htpasswd Require valid-user

  • If the password does not start, check the resolution of the .htaccess file.

  • If authentication fails, check for the presence of the .htpasswd file at the specified location. (Make sure your user account has sufficient privileges to read the .htpasswd file)

  • You do not need to restart the server for this.

Please let me know if you have any questions.

+1
source share

To create the correct password, you can create a php file and run it locally (on your computer, not on the web server) with the following contents:

 <!DOCTYPE html> <html> <head> <meta charset="utf-8" /> </head> <body> <form method="post" accept-charset="utf-8"> <input type="text" name="clear"/> <input type="submit" name="submit" value="generate" /> </form> <?php header("Content-Type: text/html; charset=utf-8"); if (isset($_POST['clear']) && $_POST['clear'] != '') { $cl = $_POST['clear']; $pw = crypt($cl, base64_encode($cl)); echo $pw; } ?> </body> </html>

I usually put my .htpasswd file in a directory named / htpasswd / outside of the webcontent directory, for example AuthUserFile /home/www/usr122/files/htpasswd/.sportsbar_reports_htpasswd (and not in the webcontent /home/www/usr122/html/htpasswd/ folder ) and rename the .htpasswd file as intended, for example. .sportsbar_reports_htpasswd

The password file should look like

 testusername:dGATwCk0tMgfM

where username is testusername and password is testuserpassword

0
source share

Just expand Mahesh's answer.

.htaccess
 AuthType Basic AuthName "restricted area" AuthUserFile /path/to/the/directory/you/are/protecting/.htpasswd require valid-user

If you do not want to use the online password generator, you can use openssl

 openssl passwd -apr1 your_password

Then put the generated password in .htpasswd format:

 username:<generated_password>

Example:

.htpasswd
 username:$apr1$ydbofBYx$6Zwbml/Poyb61IrWt6cxu0
0
source share

More articles:


All Articles