[Linux] Journal.

I wanted to protect my work associated blogs with password. I remember doing this with .htaccess files when I was back in university so I checked up on it again. It seems that .htaccess files should only be used if you don’t have access to the server configuration file. The preferred way is to put user authentication in httpd.conf.

It’s not so different since any configuration that you would consider putting in a .htaccess file, can just as effectively be made in a <Directory> section in httpd.conf.

So, first setup a password file like below:

$ htpasswd /usr/local/apache/passwd/passwords username
# use -c if creating it for the first time
New password:
Re-type new password:
$ chown root.www-data /usr/local/apache/passwd/passwords
$ chmod 640 /usr/local/apache/passwd/passwords

where www-data is the owner of the directory I want to protect. Actually on the documentation it says to set group ownership to nogroup but it didn’t work for me.

Then in the apache configuration file add:

<Directory /var/www/work>
AuthType Basic
AuthName "Password Required"
AuthUserFile /usr/local/apache/passwd/passwords
Require user username
</Directory>

restart apache server, and we’re done.

This entry was posted on Monday, July 19th, 2004 at 11:19 pm and is filed under Web publishing. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.