 |  |  | |  | |  | |  | |  | |  | | Article Summary
| Title: | | Apache Authentication Using .htaccess | | Description: | How to configure Apache authentication using .htaccess files | | Key Words: | apache, httpd, .htaccess, htaccess, configure, configuration, basic, browser, authentication | | Type: | FAQs | | Category: | HTTP Server FAQs | | Last Updated: | 2004-01-08 05:06:47 |
| |  | |  |
| | | | Apache Authentication Using .htaccess
How do I configure basic (browser) authentication using Apache?
Our Apache configuration supports .htaccess files. A .htaccess file is a hidden file that, when present in a directory, overrides the default Apache configuration directives. This feature allows individual accounts to customize their Apache configuration, while maintaining account security.
Configuring basic authentication typically requires three steps. Two have already been done for you.
- Create a password file
- Create a group file
- Protect a directory or a set of files
Create a Password File
Although any number of password files may exist for a single web site, we recommend using the default password file located at /www/site_name/conf/passwd. Common tasks related to this file include:
-
Adding a user or resetting a password:
htpasswd /www/site_name/conf/passwd username
-
Removing a user:
Manually edit the file and delete the line that contains the username.
Create a Group File
Like the password files, any number of group files may exist for a single web site. We suggest using the default group file located at /www/site_name/conf/group.
The group file contains one line per group. Each line consists of a group name, immediately followed by a single colon, then a space-separated list of users in the group. The default group file defines one group, called "developer", which is used to protect the Analog log file reports.
Protect a Directory or a Set of Files
When protecting some resources, you must first decide who can access the resource. To avoid the tedium of maintaining the group file, people will commonly grant permission to all users in the password file. This is done through the require valid-user directive. Access may be restricted to a list of users with the require user username [username] ... directive. Finally, access may be restricted to specific groups using the require group group_name [group_name] ... directive.
Once you determine who can have access, you need to specify what you are protecting. You may protect an entire directory, a specific list of files, or a set of files based on a regular expression. To protect the entire directory, your .htaccess file would look like this:
AuthGroupFile /www/site_name/conf/group
AuthUserFile /www/site_name/conf/passwd
AuthName "Prompt displayed when asking for password"
AuthType Basic
require group group_name
You may also selectively protect files using the Files and FilesMatch directives. An example:
AuthGroupFile /www/site_name/conf/group
AuthUserFile /www/site_name/conf/passwd
AuthName "Prompt displayed when asking for password"
AuthType Basic
<Files clientlist.html>
require group group_name
</Files>
Note for Accounts Established Prior to March 2001
Initially AO Industries did not support .htaccess files and authentication had to be configured by us in the Apache configuration files. Accounts created prior to March of 2001 may still have this old configuration. In this case, you may create a ticket to either have the existing authentication configurations modified to your needs or have the configuration upgraded to support .htaccess files.
A few accounts created before March of 2001 may also have their default password and group files located in /wwwgroup/jvm_name/conf/ instead of /www/site_name/conf/.
To find out when your account was created, see the created column of the businesses AOServ table.
| | | | |
| |  | |  | | Copyright © 2000-2024 AO Industries, Inc. |
|
