Again, this is almost a copy & paste recipe. This configuration makes Apache ask for a password before granting access to a specific directory published through HTTP. It is very handy and I use it very often, so it is worth having in an article.

Edit your .htaccess file and put the following content:

    AuthUserFile /etc/httpd/htpasswd
    AuthName "Please Log In"
    AuthType Basic
    Require valid-user

After that, you must use the htpasswd command to create the proper hashes in the file that AuthUserFile points to.

Make sure that, in your Apache configuration, the AllowOverride parameter is set correctly in the <Directory> block that points to your directory. Usually a value of All is enough. CentOS has it disabled by default.

Some security concerns:

  1. Basic auth sends the user name and password only encoded with Base64, not encrypted
  2. You should use it with HTTPS. A good way to do this is to add some extra configuration to the .htaccess file that transparently redirects your HTTP traffic to HTTPS
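
One way to combine the redirect with the password prompt in the same .htaccess file (an added example, not the author's configuration). It assumes Apache 2.4 with mod_rewrite loaded, AllowOverride All, and TLS terminated by Apache itself; the ordering matters because per-directory rewrite rules run after authentication, so a bare redirect next to `Require valid-user` would still prompt for the password over plain HTTP first.

```apache
# Added example. Assumptions: Apache 2.4, mod_rewrite enabled,
# AllowOverride All, TLS terminated by this Apache instance.
# Behind a TLS-terminating proxy %{HTTPS} is never "on", so this
# file would loop on the redirect; adapt the conditions in that case.

# 1. Send every plain-HTTP request to the same URL over HTTPS.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# 2. Ask for credentials only when the connection is already HTTPS.
#    Without this <If>, the 401 challenge is issued on the HTTP
#    request as well, and the browser answers it with the Base64
#    encoded credentials before the redirect ever happens.
<If "%{HTTPS} == 'on'">
    AuthUserFile /etc/httpd/htpasswd
    AuthName "Please Log In"
    AuthType Basic
    Require valid-user
</If>
```

To check the result, request the http:// URL without credentials: the answer should be a 301 to the https:// URL, never a 401.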

Good luck!
