The Apache configuration htpasswd, md5, mod_rewrite,

October 20, 2008 at 2:34 pm Leave a comment

The Apache configuration file httpd.conf contains settings applied to all hosted domains, and also domain specific settings (settings contained in <VirtualHost> tags). Of course you don’t want your users to edit the httpd.conf file, but fortunately they can do site specific settings themselves by allowing them to use .htaccess files.

It’s easy…

A .htaccess file (note the dot in front of the filename) is a plain text file with settings in it. It can be placed at the root of a website or any sub directory. The settings in it will apply to the current and all sub directories in the current directory.

First of all, you must set the AllowOverride directive in httpd.conf. AllowOverrride controls which types of directives that are allowed in .htaccess files.:

<Directory “/usr/local/www/”>
AllowOverride All

Add a section like the above for each of the domains you want to allow using .htaccess.

Remember to restart Apache to make the changes take effect.

The following sections of this page, describes som examples of using .htaccess files.

Note: Instruct your users to use ASCII mode when uploading .htaccess files. If BINARY mode is used the file will NOT work.
Password protection using a password file

This section describes how to protect all or part of a website against unauthorized access. The content of the .htaccess file:

AuthUserFile /usr/local/www/secure_directory/.htpasswd
AuthGroupFile /dev/null
AuthName “My protected site”
AuthType Basic

require valid-user

In the first line, replace bolded text with the path to your own protected area. In the third line, replace bolded text with a text of your choice. This text will appear in the login boks.

You may need to CHMOD the .htaccess file to 644 or (RW-R–R–). This makes the file usable by the server.

Create a directory just above your website root. This is where you will create your password file, and we don’t want this in a public directory.

For example, my password file is in /usr/local/www/secure_directory/

Now, you need to create the .htpasswd file. You can do it manually by putting each users username an password into it:


Each line must end with a line break, and there must be an empty line at the end of the file.

Another way of creating the password file is by using the htpasswd command, but this requires ssh access to the server.

htpasswd -c /usr/local/www/secure_directory/.htpasswd pas
New password:
Re-type new password:
Adding password for user pas

Next time you want to create a user, ommit the -c option (this is important to remember, or you will override the existing users/passwords in the file). For security reasons, passwords do not show op on the screen as you type.

This example shows how to change the password for an existing user (bold text is all in one line):

htpasswd -b /usr/local/www/secure_directory/.htpasswd pas fff
Updating password for user pas


Entry filed under: Php, Script. Tags: , , , , , , , , , , , .

function html to text URL Layout

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

October 2008
« Sep   Feb »

%d bloggers like this: