Apache-Website Security

**Admin** · 03-Dec-2006, 10:11 PM

Simple clear Security for Websites running on Apache. This can be on any flavor of Unix

In the httpd.conf file edit this line:
Directory /
Options FollowSymLinks
AllowOverride None
/Directory

To read:
Directory /
Options FollowSymLinks
AllowOverride AuthConfig
/Directory

**note** -the above lines have <> on each side of the Directory statement. This form would not accept the brackets. **end Note**

go to serverroot/bin and run the command:
htpasswd -c /password example test
-this creates the password file. It will prompt for new password expample. testpassword

*****Remember****** must make password file executable. You can find it in / .

then create a file named .htaccess that reads:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /password
Require user test

Now when you hit the website or the files in the directory you want to secure it will prompt you for the test username and the password that you created. This is clear text so be careful. More than one name can be used by using the htpasswd command without the -c option. It will just add more named below it. I usually use this on webservers that are internal that I want to restrict certain users to. More info at apache.org documentation

03-Dec-2006, 10:11 PM	#1 (permalink)
Admin Administrator Posts: 875 Join Date: Oct 2005 Rep Power: 10 IM:	Apache-Website Security Simple clear Security for Websites running on Apache. This can be on any flavor of Unix In the httpd.conf file edit this line: Directory / Options FollowSymLinks AllowOverride None /Directory To read: Directory / Options FollowSymLinks AllowOverride AuthConfig /Directory note -the above lines have <> on each side of the Directory statement. This form would not accept the brackets. end Note go to serverroot/bin and run the command: htpasswd -c /password example test -this creates the password file. It will prompt for new password expample. testpassword ***Remember**** must make password file executable. You can find it in / . then create a file named .htaccess that reads: AuthType Basic AuthName "Restricted Files" AuthUserFile /password Require user test Now when you hit the website or the files in the directory you want to secure it will prompt you for the test username and the password that you created. This is clear text so be careful. More than one name can be used by using the htpasswd command without the -c option. It will just add more named below it. I usually use this on webservers that are internal that I want to restrict certain users to. More info at apache.org documentation

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)