How to enable .htaccess on .htpasswd for Apache.
Here are some short steps about how to password protect websites (or certain directories) using on an Apache webserver.
Note: this assumes you already have Apache installed and running correctly. This writeup is based on Slackware 12.0 & Apache 2.2.8 however the instructions should apply to any previous version of Apache or Linux/Unix builds. YMMV
First enabling .htaccess is simple. Open your active httpd.conf (mine is located @ /etc/httpd/conf/httpd.conf) in your favorite editor and look for the following lines
# First, we configure the “default” to be a very restrictive set of
Change AllowOverride to All:
Next, look for:
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be “All”, “None”, or any combination of the keywords:
# Options FileInfo AuthConfig Limit
Change this to:
[root@server]# /usr/bin/apachectl restart
As simple as that .htaccess is now enabled for your server.
Now lets enable it for the directory/site you wish to protect.
Shell in and navigate to the web directory that you wish to protect
[rss@server]$ cd public_html/protected
Find out your directory path:
[rss@server protected]$ pwd
Create the .htpasswd file
[rss@server protected]$ htpasswd -mc .htpasswd noob
Re-type new password:
Adding password for user noob
Create an .htaccess file
[rss@server protected]$ touch .htaccess
Add the following lines to .htaccess using your favorite text editor
Note: You must change the bolded entries to your own settings
AuthName “Protected Area”
Save the file and exit to console.
Note: Make sure the permissions are set correctly on the .htaccess and .htpasswd files
[rss@server protected]$ ls -al .ht*
-rw-r–r– 1 rss public 129 Apr 30 00:19 .htaccess
-rw-r–r– 1 rss public 19 Apr 30 00:23 .htpasswd
If for some reason the permissions are not set correctly, chmod them (644)
[rss@server protected]$ chmod 644 .ht*
Add more users to the password file
Note: If you want to add more users to access the directory, use the htpasswd command:
[rss@server protected]$ htpasswd -m .htpasswd newuser
Re-type new password:
Adding password for user newuser
That’s really all there is to it.. I would recommend not storing the .htpasswd file in the directory that it’s protecting (or even in a directory that is being served). Move the .htpasswd file to another location and change the AuthUserFile line within the .htaccess file to match the new location.