Versione 2 del 2013-06-27 14:36:39

Nascondi questo messaggio
Italiano English
Modifica History Actions

htaccess

Apache: protect with username and password a web path

First of all in the apache config make sure you can Override the configuration with the hidden .htaccess files. In this example config I replaced AllowOverride None to AllowOverride All

<Directory "/srv/http">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    #AllowOverride None
    AllowOverride All 

    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    Allow from all

</Directory>

Restart apache if you change the apache configuration.

Now in the directory you want to protect create the hidden .htaccess file, here my example:

[root@alarm ~]# cat /srv/http/.htaccess 
AuthType basic
AuthName REALM
AuthUserFile /etc/apachepwd
Require valid-user

[root@alarm ~]# 

To create users in the apachepwd file use the command htpasswd

htpasswd /etc/apachepwd myusername