User Rating: 5 / 5

Star Active Star Active Star Active Star Active Star Active

Again, this is almost a copy & paste recipe. This configuration will allow you to ask for a password to access a specific directory published through HTTP. It is very handy and I am using it very often, so it worths having it in an article.

Edit your .htaccess file and put the following content:

AuthUserFile /etc/httpd/htpasswd
AuthName "Please Log In"
AuthType Basic
require valid-user

After that, you must use the htpasswd command to create the proper hashes in the pointed file.

Be sure your Apache configuration, in the <Directory> that that points to your directory the AllowOverride parameter is set correctly. Usually a value of All is enough. CentOS has it disabled by default.

Some security concerns:

  1. Basic auth sends the user and password in encoded with base64
  2. You should use it with HTTPS, a good way to do this is by adding some extra configuration into the .htaccess file to redirect your HTTP traffic to HTTPS transparently

Good luck!

blog comments powered by Disqus


Read about IT, Migration, Business, Money, Marketing and other subjects.

Some subjects: FusionPBX, FreeSWITCH, Linux, Security, Canada, Cryptocurrency, Trading.