
Password Protect My Website


Password Protecting Site via Htaccess

  1. Create a .htaccess file with the following in the to-be-protected folder:

    AuthType Basic
    AuthName "Password Protected Area"
    AuthUserFile /var/www/admin/.htpasswd
    Require valid-user

  2. Create a .htpasswd file in the same or preferably a folder that is outside /var/www.

    For demonstration, I used a dummy path above. The .htpasswd file should contain your password salt; use this generator to create your .htpasswd file.

  3. Assuming you are using Ubuntu, you have to enable .htaccess override via this file: /etc/apache2/sites-available/default

    Change the "AllowOverride None" to "AllowOverride All" in:

    <Directory /var/www/>
       Options Indexes FollowSymLinks MultiViews
       AllowOverride None
       Order allow,deny
       allow from all
    </Directory>

    Note: you may need to edit it over SSH via the command line: sudo nano /etc/apache2/sites-available/default

  4. sudo /etc/init.d/apache2 reload


If all you are looking for is server-level access control (i.e. no modifications to your application), you can utilize basic authentication. This is implemented at the Apache web-server level and can be controlled on a directory-by-directory basis if desired using .htaccess files.

Here is a link to the Apache documentation

http://httpd.apache.org/docs/2.2/howto/auth.html

Here is a simple example of how to implement it

http://doc.norang.ca/apache-basic-auth.html


You need to generate a username+password string for authentication and write it to a file.

  • You can use an HTTP password generator tool to do this.
  • Copy and paste the string you obtained into a new file (.htpasswd) anywhere outside your webroot (better to keep it somewhere inside the home directory of the user).
  • Add the following lines to your .htaccess file.

    AuthType Basic
    AuthName "Require Authentication"
    AuthUserFile [PATH_TO_FILE]/.htpasswd
    Require valid-user

  • If the password is not triggering, check the permissions of the .htaccess file.

  • If authentication fails, check the existence of the .htpasswd file in the specified location. (Make sure your user account has enough privileges on the .htpasswd file to read it.)

  • You do not need to restart the server to achieve this.

Hope this helps.
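
The checks the first and last answers describe (each directive on its own line, a readable .htpasswd, and a password file kept outside the web root) can be scripted. This is an added example, not code from any of the answers; the function name `audit_htaccess` and its finding labels are made up for illustration, and it assumes AuthUserFile is given as an absolute path.

```shell
#!/usr/bin/env bash
# Added example: audit a Basic-auth .htaccess file.
# Usage: audit_htaccess HTACCESS_FILE DOCROOT
# Prints one line per finding and returns the number of problems found.
# Assumption: AuthUserFile holds an absolute path.

audit_htaccess() {
    local htaccess="$1" docroot="$2" problems=0 d pwfile pw_dir root_dir

    # Each directive must start its own line; directives run together on
    # a single line are not read as four separate directives.
    for d in AuthType AuthName AuthUserFile Require; do
        if ! grep -Eiq "^[[:space:]]*${d}[[:space:]]" "$htaccess"; then
            echo "MISSING: no '${d}' directive at the start of a line"
            problems=$((problems + 1))
        fi
    done

    # Path given to AuthUserFile (first occurrence, quotes removed).
    pwfile=$(awk 'tolower($1) == "authuserfile" { print $2; exit }' "$htaccess" | tr -d '"')
    if [ -z "$pwfile" ]; then
        return "$problems"
    fi
    if [ ! -r "$pwfile" ]; then
        echo "UNREADABLE: ${pwfile} is missing or not readable by this user"
        return $((problems + 1))
    fi

    # Resolve symlinks on both sides, then test whether the password
    # file's directory lies under the document root.
    pw_dir=$(cd "$(dirname "$pwfile")" && pwd -P)
    root_dir=$(cd "$docroot" && pwd -P)
    case "${pw_dir}/" in
        "${root_dir}/"*)
            echo "EXPOSED: ${pwfile} is inside the web root ${root_dir}"
            problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# When run as a script: ./audit.sh /var/www/admin/.htaccess /var/www
if [ "$#" -eq 2 ]; then audit_htaccess "$1" "$2"; fi
```

Run it as the account Apache runs under so the readability check reflects what the server will see.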