Again, this is almost a copy & paste recipe. This configuration will allow you to ask for a password to access a specific directory published through HTTP. It is very handy and I am using it very often, so it worths having it in an article.
Edit your .htaccess file and put the following content:
AuthName "Please Log In"
After that, you must use the htpasswd command to create the proper hashes in the pointed file.
Be sure your Apache configuration, in the <Directory> that that points to your directory the AllowOverride parameter is set correctly. Usually a value of All is enough. CentOS has it disabled by default.
Some security concerns:
- Basic auth sends the user and password in encoded with base64
- You should use it with HTTPS, a good way to do this is by adding some extra configuration into the .htaccess file to redirect your HTTP traffic to HTTPS transparently
Good luck!blog comments powered by Disqus