A general description on how to password protect a website
Protecting content with basic authentication
1. Create a password file
2. Set the configuration to use this password file
3. Optionally, create a group file
To create the file, type:
htpasswd -c /usr/local/apache/passwd/passwords username
you can create that file to whatever directory, but it’s advised to put to website root or apache working directory; htpasswd will ask you for the password, and then ask you to type it again to confirm it:
# htpasswd -c /usr/local/apache/passwd/passwords kin
New password: mypassword
Re-type new password: mypassword
Adding password for user kin
The -c flag is used only when you are creating a new file. After the first time, you will omit the -c flag, when you are adding new users to an already-existing password file.
htpasswd /usr/local/apache/passwd/passwords testuser
set the password file user/group as apache and only writeable by root
chown root.apache /usr/local/apache/passwd/passwords
chmod 640 /usr/local/apache/passwd/passwords
Set the configuration to use this password file
AuthName "By Invitation Only"
Require user kin testuser
The phrase "By Invitation Only” will be displayed in the password pop-up box, where the user will have to type their credentials. if you need all the users in the password file to be able to login, you can use "Require valid-user" to replace the last line option.
>>>Optionally, create a group file
just create the group file and add the group name, user to it. A group name appears first on a line, followed by a colon, and then a list of the members of the group, separated by spaces. For example:
authors: kin testuser1 testuser2
the configuration looks like the following:
AuthName "Apache Admin Guide Authors"
Require group authors
Don’t use basic authentication for anything that requires real security, however, will be secure if it’s acrossing ssl connection.
Protecting content with digest authentication is much the same as basic authentiation, it will just hash the password into md5 during thet transfer, you just need to change the following:
To create a new digest password file, type:
htdigest -c /usr/local/apache/passwd/digest realm username
htdigest will ask you for the desired password, and then ask you to type it again to confirm it.
specify "AuthType Digest" in the configuratino section.
Allow and Deny
The Allow and Deny directives let you allow and deny access based on the host name, or host address, of the machine requesting a document.
The usage of these directives is:
allow from address
deny from 22.214.171.124
Satisfy can take as an argument one of two options – all or any. any — if the user satisfies any of these, then they will be granted entrance. all — user must satisfies all the options.
A sample configuration:
Require group customers
Allow from internal.com