Apache web server have a key security feature called .htaccess password. .htaccess password protection help us to secure our root directories on web servers. We all know our sites and web servers are exposed to the outer world. Unauthorized access of users to restricted areas will cause damage on our web server. It might also lead us to data loss. In order to prevent the unauthorized access to our data’s, we need to use security feature on Apache server. .htaccess password come into the role to implement the security. .htaccess can help us to configure the authentication mechanism on Apache web server. Users or group can only access the directory or website using their unique password.
Here i like to explain the implementation of .htaccess password on Apache virtual directory,
1. Enable the .htaccess feature on Apache httpd.conf
# AllowOverride controls what directives may be placed in .htaccess files.# It can be "All", "None", or any combination of the keywords:# Options FileInfo AuthConfig Limit<Directory />Options FollowSymLinks#AllowOverride NoneAllowOverride All</Directory>
2. Enter the Vhost entries on Apache
<VirtualHost 192.168.0.252:80>ServerName sarg.talk2melbin.com:80ServerAlias www.sarg.talk2melbin.comServerAdmin "firstname.lastname@example.org"DocumentRoot /var/www/sarg/</VirtualHost> In order to detect .htaccess form /var/www/html, we need to specify the "AllowOverride All" directive inside <Directory "/var/www/html"> <Directory> tag.
3. Create a secure directory to store the .htaccess password’s
# mkdir /var/www/htpass
4. Generate the password, keep strong the password
Command will create new .htpasswd file and add user with MD5 encryption password
# htpasswd -cm /var/www/htpass/.htpasswd melbinTo add a second user.# htpasswd -m /var/www/htpass/.htpasswd nobin
5. Write the .htaccess rule under root directory
# vi /var/www/sarg/.htaccess
Add the following lines into .htaccess file
AuthName "Restricted Area"AuthType BasicAuthUserFile /var/www/htpass/.htpasswdAuthGroupFile /dev/nullrequire valid-user
6. Run configuration checker to make ensure all apache edits are correct
7. Reload Apache
# /etc/init.d/httpd reload
Now our website url is protected by authentication. While browsing the domain url www.sarg.talk2melbin.com .httaccess prompt for user name and password. Only allowed users can access the url.
Latest posts by Melbin Mathew (see all)
- VMware virtual IDE to virtual SCSI hard disk conversion steps – Windows XP - August 6, 2015
- Stop Error “CRITICAL_STRUCTURE_CORRUPTION - August 5, 2015
- Error installing Windows server role and feature required for the Exchange 2010 - December 3, 2013