How to enable .htaccess and .htpasswd for Apache.
Here are some short steps on how to password protect websites (or certain directories) using .htaccess and .htpasswd on an Apache webserver.
Note: this assumes you already have Apache installed and running correctly. This writeup is based on Slackware 12.0 & Apache 2.2.8; however, the instructions should apply to any previous version of Apache or Linux/Unix builds. YMMV.
First, enabling .htaccess is simple. Open your active httpd.conf (mine is located at /etc/httpd/conf/httpd.conf) in your favorite editor and look for the following lines:
# First, we configure the "default" to be a very restrictive set of
# features.
#
Options FollowSymLinks
AllowOverride None
Change AllowOverride to All:
Options FollowSymLinks
AllowOverride All
Next, look for:
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
Change this to:
AllowOverride All
Restart Apache:
[root@server]# /usr/bin/apachectl restart
As simple as that, .htaccess is now enabled for your server.
Now let's enable it for the directory/site you wish to protect.
Shell in and navigate to the web directory that you wish to protect:
[rss@server]$ cd public_html/protected
[rss@server protected]$
Find out your directory path:
[rss@server protected]$ pwd
/home/rss/public_html/protected
Create the .htpasswd file
[rss@server protected]$ htpasswd -mc .htpasswd noob
New password:
Re-type new password:
Adding password for user noob
[rss@server protected]$
Create an .htaccess file
[rss@server protected]$ touch .htaccess
Add the following lines to .htaccess using your favorite text editor
Note: You must change the bolded entries to your own settings
AuthType Basic
AuthUserFile /home/rss/public_html/protected/.htpasswd
AuthGroupFile /dev/null
AuthName "Protected Area"
require valid-user
Save the file and exit to console.
Check permissions
Note: Make sure the permissions are set correctly on the .htaccess and .htpasswd files
[rss@server protected]$ ls -al .ht*
-rw-r--r-- 1 rss public 129 Apr 30 00:19 .htaccess
-rw-r--r-- 1 rss public 19 Apr 30 00:23 .htpasswd
[rss@server protected]$
If for some reason the permissions are not set correctly, chmod them (644)
[rss@server protected]$ chmod 644 .ht*
Add more users to the password file
Note: If you want to add more users to access the directory, use the htpasswd command:
[rss@server protected]$ htpasswd -m .htpasswd newuser
New password:
Re-type new password:
Adding password for user newuser
That's really all there is to it. I would recommend not storing the .htpasswd file in the directory that it's protecting (or even in a directory that is being served). Move the .htpasswd file to another location and change the AuthUserFile line within the .htaccess file to match the new location.
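
As an added example (not part of the original write-up), this shell function checks an .htaccess file against the recommendation above: it resolves AuthUserFile, reports whether the password file sits inside the served tree, and flags files with looser permissions than 644. The function name audit_htaccess, its exit codes and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original write-up.
# Usage: audit_htaccess DOCROOT HTACCESS_FILE
# Returns 0 = no findings, 1 = findings, 2 = could not evaluate.
audit_htaccess() {
    docroot=$1; htaccess=$2; findings=0
    # Directive names are case-insensitive: take the first AuthUserFile, drop quotes.
    pwfile=$(awk 'tolower($1) == "authuserfile" {
        sub(/^[ \t]*[^ \t]+[ \t]+/, ""); sub(/[ \t\r]+$/, ""); gsub(/"/, "")
        print; exit }' "$htaccess")
    case $pwfile in
        /*) ;;
        *)  echo "cannot evaluate: no absolute AuthUserFile in $htaccess"; return 2 ;;
    esac
    [ -f "$pwfile" ] || { echo "cannot evaluate: $pwfile not found"; return 2; }
    # Canonicalise both directories so symlinks and ../ cannot hide the location.
    doc_real=$(cd "$docroot" 2>/dev/null && pwd -P) ||
        { echo "cannot evaluate: bad docroot $docroot"; return 2; }
    pw_dir=$(cd "$(dirname "$pwfile")" && pwd -P)
    case "$pw_dir/" in
        "$doc_real"/*) echo "FINDING: $pwfile is inside served tree $doc_real"; findings=1 ;;
    esac
    # The write-up sets 644; flag anything group- or world-writable.
    for f in "$htaccess" "$pwfile"; do
        if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "FINDING: $f is group- or world-writable"; findings=1
        fi
    done
    [ "$findings" -eq 0 ] && echo "OK: $pwfile is outside $doc_real"
    return "$findings"
}

# Constructed demo tree (throwaway, under mktemp): password file kept beside .htaccess.
demo=$(mktemp -d) && mkdir -p "$demo/www/protected"
printf 'noob:constructed-hash\n' > "$demo/www/protected/.htpasswd"
printf 'AuthType Basic\nAuthUserFile %s/www/protected/.htpasswd\nrequire valid-user\n' \
    "$demo" > "$demo/www/protected/.htaccess"
chmod 644 "$demo/www/protected/.htaccess" "$demo/www/protected/.htpasswd"
audit_htaccess "$demo/www" "$demo/www/protected/.htaccess" || echo "exit status $?"
rm -rf "$demo"
```

Only absolute AuthUserFile paths are evaluated; a relative path is reported as "cannot evaluate" rather than guessed at.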
