Follow us on...
Follow us on Twitter Follow us on Facebook
Register
Page 1 of 5 12345 LastLast
Results 1 to 8 of 34
  1. #1
    Jadey's Avatar
    Jadey is offline sosumi
    Join Date
    Apr 2001
    Location
    CANADA
    Posts
    771
    Thanks
    0
    Thanked 0 Times in 0 Posts

    How-to: Password protect Apache folders

    This How-to will tell you how to get Apache to prompt your users for a username & password when they try and look at a directory you've secured.

    As with all things Apache, start by editing the configuration file. This is in /private/etc/httpd

    Launch a terminal.

    Type: cd /private/etc/httpd

    Type: sudo pico httpd.conf

    (You can use a different text editor if you wish, other than pico).

    Scroll down until you reach the AuthConfig section. It will look like this:

    # This controls which options the .htaccess files in directories can
    # override. Can also be "All", or any combination of "Options", "FileInfo",
    # "AuthConfig", and "Limit"

    AllowOverride None

    Change that last line to:

    AllowOverride All


    Save the httpd.conf file. If you're using pico, this is done by holding down control and hitting x.

    Now, back in the terminal, type:

    sudo htpasswd -c .htpasswd username

    The username can be named what you like. For example, if you want people to be prompted for the username "friend" you would enter friend instead of username.

    This command will also prompt you for the password you want to use.


    Now in the terminal, type:
    cd /Library/WebServer/Documents/DirectoryYouWannaSecure

    Substitute "DirectoryYouWannaSecure" for the name of the folder you want people to have to type in a username & password to access. Or substitute the path to your own user's Sites directory.

    In the terminal, type: sudo pico .htaccess

    (again, you can use a different text editor than pico if you wish).

    In the .htaccess file you just created with pico, paste this:

    AuthUserFile /private/etc/httpd/.htpasswd
    AuthGroupFile /dev/null
    AuthName "Members Only"
    AuthType Basic

    <Limit GET POST>
    require valid-user
    </Limit>

    Save this file. Again control-x if in pico.

    Restart Apache: sudo apachectl restart
    (or turn it off & on with the button in your Sharing control panel)

    Now when you go to http://localhost/DirectoryYouWannaSecure you'll be asked for a username & password!
    Last edited by Jadey; January 13th, 2002 at 10:13 PM.

  2. #2
    Jadey's Avatar
    Jadey is offline sosumi
    Join Date
    Apr 2001
    Location
    CANADA
    Posts
    771
    Thanks
    0
    Thanked 0 Times in 0 Posts

    How-to: password protect symbolic links through Apache

    If you've created a symbolic link to a directory not normally served by apache, but want that directory to ask for a username & password, here is how you do it! This How-to assumes you've already followed my instructions above.

    First (in case you haven't created the symbolic link), bring up a terminal. Type in the terminal:

    ln -s /Users/username/Music /Library/WebServer/Documents/Music

    Modify first path above to the directory you actually want accessible in your web site. Modify the second path if you prefer to serve it out of your own /Users/username/Sites/Music (for example). This is the directory you'd create your .htaccess file in, as described in the first post in this thread.

    Now to protect that directory:

    In terminal type:

    cd /private/etc/httpd

    sudo pico httpd.conf

    Scroll down until you see a section that reads this:

    # Control access to UserDir directories. The following is an example
    # for a site where these directories are restricted to read-only.

    Add these lines:

    <Directory "/Library/WebServer/Documents/Music">
    AllowOverride AuthConfig
    </Directory>

    Save the file, restart apache. Now when you go to http://localhost/Music you'll be prompted for your username & password and taken into your /Users/username/Music directory through Apache!
    Last edited by Jadey; January 19th, 2002 at 10:13 AM.

  3. #3
    kilowatt's Avatar
    kilowatt is offline mach-o mach-o man
    Join Date
    Mar 2001
    Posts
    987
    Thanks
    0
    Thanked 0 Times in 0 Posts

    thanks!

    Thanks jadey for another great HOW TO.

    I'd just like to point out that this is a GREAT thing to do with phpMyAdmin (great configuration tool for anyone using php and MySQL).

    folks, don't leave myPhpAdmin open. Its a very bad thing to do. You can easily wipe out websites who do this, and for some its just too tempting.

    Also, if you password protect /check/1/ , then /check/1/two/three/bla.html is also protected.

    I think its pretty sweet!

    thanks jd!

  4. #4
    kilowatt's Avatar
    kilowatt is offline mach-o mach-o man
    Join Date
    Mar 2001
    Posts
    987
    Thanks
    0
    Thanked 0 Times in 0 Posts
    BTW, if you just want to add to the .htpasswd file, use:
    Code:
    sudo htpasswd .htpasswd username
    And I think you can have more than one .htpasswd file, thus creating groups!

    Thanks Jadey for getting me started with all this apache password stuff! Its *very* useful!

  5. #5
    meancode is offline Registered User
    Join Date
    Nov 2001
    Posts
    23
    Thanks
    0
    Thanked 0 Times in 0 Posts
    what i do on my server to eleviate the need for .htpasswd and .htaccess files (for user authentication) is use thise code in the httpd.conf file (or what i like to do, include it, so it is nice and neat:

    Code:
    Alias /dev "/Volumes/Contents 2/Development"
    
    <Directory "/Volumes/Contents 2/Development/">
      Options MultiViews
      AllowOverride None
      Order allow,deny
      Allow from all
    
      AuthName "Development Area"
      AuthType Basic
      <Limit GET HEAD OPTIONS CONNECT POST>
        Require group staff
      </Limit>
    </Directory>
    this binds the authentication to the staff group. also allows for a 'psudo realm' as the OSXS Server Admin app does not like to make realms outside the main Documents folder.

  6. #6
    bluehz is offline Registered User
    Join Date
    Jan 2002
    Posts
    115
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have been wondering about how to do this - thnx for the tutorial. I followed the instructions and all seemed to go well. When I attempted to access the directory I was protecting I got the login/password dialog - but when I entered my login/password - I got an error that authorization was req.

    I stepped through the tutorial one at a time and discovered the problem. Not sure if this is common - but maybe it will help others. On my machine I did not already have /private/etc/httpd/.htpasswd file. So when I attempted to add to it - nothing was happening.

    The solution was to issue the cmd in the tutorial like this instead:

    sudo htpasswd -c /private/etc/httpd/.htpasswd username

    this way if you don't have the file it will be created in the proper location. The "-c" option guarantees you won't overwrite a pre-existing file.

    One question I have - how do I see what names/pw are in the file in the future. Obviously they are encrypted so simply viewing them with a txt editor will not work. Also - how do I delete a user in the htpasswd file?

    Thx

  7. #7
    Jadey's Avatar
    Jadey is offline sosumi
    Join Date
    Apr 2001
    Location
    CANADA
    Posts
    771
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: How-to: Password protect Apache folders

    You should have read the tutorial more carefully. If you look at again, it does tell you how to create this file. Specifically this part:

    Originally posted by Jadey
    Now, back in the terminal, type:

    sudo htpasswd -c .htpasswd username
    This creates the .htpasswd file. The tutorial was written for not having one in the first place, as they don't come in a default Apache install.

    I should point out to that the -c option guarantees you overwrite an existing .htpasswd file. If you want to add new users to an existing .htpasswd file, use the same command and drop the -c.

    To answer your next question, you can open the .htpasswd file with a text editor. You'll see it in the form of:

    username:encryptedpassword

    If you want to delete one of the users, just delete the one line that is for them, and save the .htpasswd file.
    Last edited by Jadey; March 18th, 2002 at 10:08 PM.

  8. #8
    bluehz is offline Registered User
    Join Date
    Jan 2002
    Posts
    115
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I followed it step by step and no .htpasswd file was created.

    Thx for the clarification on the -c option. I am definitely no nix guru - the MAN is my friend...

 

 
Page 1 of 5 12345 LastLast

Similar Threads

  1. [HOWTO] - Password protect files and/or folders?
    By themacko in forum HOWTO & FAQs
    Replies: 16
    Last Post: January 8th, 2009, 01:06 PM
  2. password problems with apache
    By macidiot in forum Design & Media
    Replies: 1
    Last Post: January 31st, 2003, 10:55 PM
  3. password protect a document/file
    By chicodoggy in forum Mac OS X System & Mac Software
    Replies: 2
    Last Post: October 6th, 2002, 11:49 AM
  4. Replies: 6
    Last Post: September 25th, 2002, 03:43 PM
  5. is it possible to password protect folders?
    By Torz in forum Mac OS X System & Mac Software
    Replies: 8
    Last Post: September 14th, 2002, 11:08 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •