Password Protect My Website
Password Protecting Site via Htaccess
Create a .htaccess file with the following in the to-be-protected folder:
AuthType BasicAuthName "Password Protected Area"AuthUserFile /var/www/admin/.htpasswdRequire valid-user
Create a
.htpasswd
file in the same or preferably a folder that is outside/var/www
.For demonstration, I used a dummy path above. The .htpasswd file should contain your password salt use this generator to create your
.htpasswd
file.Assuming you are using ubuntu, you have to enable htaccess override via this file:
/etc/apache2/sites-available/default
Change the "AllowOverride None" to "AllowOverride All" in:
<Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all</Directory>
note: you may need to edit in ssh via command line: sudo nano /etc/apache2/sites-available/default
sudo /etc/init.d/apache2 reload
If all you are looking for is server-level access control (i.e. no modifications to your application), you can utilize basic authentication. This is implemented at the Apache web-server level and can be controlled on a directory-by-directory basis if desired using .htaccess files.
Here is a link to the Apache documentation
http://httpd.apache.org/docs/2.2/howto/auth.html
Here is a simple example of how to implement
You need to generate a password username+password string for authentication and write it to a file.
- You can use HTTP password generator tool to do this.
- Copy paste the string you obtained to a new file (.htpasswd) anywhere outside your Webroot (better to keep anywhere inside home directory of the user).
- Add following lines in your .htaccess file.
AuthType BasicAuthName "Require Authentication"AuthUserFile [PATH_TO_FILE]/.htpasswdRequire valid-user
If the password is not triggering, check the permission of .htaccess file.
If authetication fails, check the existance of .htpasswd file in the specified location. (Make sure your user account has enough privileges on .htpasswd file to read)
You do not need to restart server to achieve this.
Hope this helps.