Friday, December 21, 2007

Password protect a web page

Password protect your web pages in apache server in a very simple way. This is however not that secure and is not recommended. Just use this for simple thing and when other authentication cant be used.

First create a file which holds username and password.
For this you can use htpasswd program.

/usr/local/httpd/bin/htpasswd -c /usr/local/httpd/passwordfile username

The -c option here creates new file. So if the file already exists or you are just modifying or adding a new user omit -c option. Not doing that will make a new file resulting in loss of old username and password.

The file must be somewhere your webserver can find but not other place. Though the password is encrypted its better to keep it off from human eye.

Now edit you httpd.conf file to include the follwoing line in whichever websites that you require authentication


AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /usr/local/apache/passwd/passwords
Require user rbowen sungo


Restart apache and you're done.

Additional reading: http://httpd.apache.org/docs/1.3/howto/auth.html#basic

0 comments:

Post a Comment