evolution creations
when you put your mind to it, anything is possible
Password Protecting Directory in Ubuntu 8.04
To password protect a directory in Apache2.2 hosted on Ubuntu 8.04 (will probably be very similar as the versions change in Ubuntu), this is a two fold process.
Configuring Apache to use .htaccess files
The first is to configure Apache2.2 to allow access to use .htaccess files. To do this, you will want to first confirm that that within the apache2.conf file located in /etc/apache2/, that the following line exists:
AccessFileName .htaccess
I didn’t add this to my installation of Apache2.2 it was already there, so I’m assuming the same would be for everyone else. The second is to go into the /etc/apache2/sites-available directory and modify the virtual host configuration file for each site that you have hosted. For me, I only have 1 site hosted at the moment, so the only file I modified was /etc/apache2/sites-available/default.
To have Apache know that it should check for the .htaccess file, you will want to modify it by changing the two instances of:
AllowOverride None
to
AllowOverride All
Within the directory tags in the configuration file. There is a third directory tag going down that configuration file for /usr/lib/cgi-bin and you shouldn’t need to change this instance of the Allow Override directive. Once you do this, remember to restart Apache by:
sudo /etc/init.d/apache2 restart
Once this is done your Apache will be configured to check for .htaccess files.
Setting up your .htaccess file
Now that you have Apache configured, you will need to configure your .htaccess file. First create this by:
sudo joe /var/www/.htaccess
and add the following:
AuthUserFile /var/.htpasswd
AuthName “Private System–No Unauthorized Access!”
AuthType BasicRequire user username
I put the authentication file outside of the /var/www directory so that it’s not web accessible. The AuthName is simply the label that gets put on the popup box that appears when you are prompted to enter in a username/password. The last line for Require user is the username that you will be using to authenticate with. Each person who you want to give access to should have a require user entry in your .htaccess file.
After you save this file, you will need to setup a password for the user that you specified in the .htaccess file. To do this run:
cd /var/
and then run:
sudo htpasswd -c /var/.htpasswd username
Enter in the username that you put into the .htaccess file and it will ask you to enter your password and then reenter it. Once you do this, you should be able to go to the URL of the directory that you put your .htaccess file in and you should receive a username/password prompt!
Explore Badlands
Tempest Keep
Twilight Duo (10 player)
July 4, 2008 - 3:52 PM
Although your blog did not help me it gave me an idea why my htaccess was not working. Basically because I had too many Directory directives apache seemed to be only using the top most Directory directive. Wasted hours trying to figure it out.