Beginner Table of Contents • • • • • • • Introduction Apache is one of the most widely-used and popular web servers in the world. Configuring your websites with password authentication can prevent unauthorized users from accessing your website without the correct user ID and password. This tutorial explains an easy way to password protect a web directory in Apache using.htaccess. Requirements • A server running CentOS v. 7 with Apache installed • Static IP address or URL for your website Configure Apache to allow.htaccess authentication By default Apache does not allow the use of.htaccess files in CentOS 7. May 24, 2011 hello, i am using CentOS, apache, and tried to use the.htaccess, with no successes. I edit /etc/httpd/conf/httpd.conf. How to enable.htaccess in Apache HTTP server Author. Enable.htaccess on CentOS or Fedora. This will activate.htaccess for the corresponding directory tree. You will need to set up Apache to allow.htaccess based authentication. You can do this by editing the Apache config file: sudo nano /etc/httpd/conf/httpd.conf Find the section that begins with. Change the line from AllowOverride none to AllowOverride AuthConfig AllowOverride AuthConfig Save and close the file. Create a password file with htpasswd The htpasswd command is used to create and update the files used to store usernames and password for basic authentication of Apache users. We will create a hidden file.htpasswd in the /etc/httpd/ configuration directory. Let's begin by creating a.htpasswd file for user1. Sudo htpasswd -c /etc/httpd/.htpasswd user1 You will be asked to supply and confirm a password for user1. Note: Only use -c the first time you create the file. Do not use -c when you add a user in the future. Let's create another user named user2: sudo htpasswd /etc/httpd/.htpasswd user2 After creating user2, you can see the username and the encrypted password for each record: sudo cat /etc/httpd/.htpasswd The output will look something like this: user1:$apr1$0r/2zNGG$jopiWY3DEJd2FvZxTnugJ/ user2:$apr1$07FYIyjx$7Zy1qcBd.B8cKqu0wN/MH1 Now, you need to allow the apache user to read the.htpasswd file. Sudo chown apache:apache /etc/httpd/.htpasswd sudo chmod 0660 /etc/httpd/.htpasswd Configure Apache password authentication Now you need to create a.htaccess file in the web directory you wish to restrict. For this example, we will create the.htaccess file in the /var/www/html/ directory to restrict the entire document root. Sudo nano /var/www/html/.htaccess Add the following content: AuthType Basic AuthName 'Restricted Content' AuthUserFile /etc/httpd/.htpasswd Require valid-user Save and close the file, then restart Apache to make these changes take effect. Sudo apachectl restart Testing password authentication After everything has been set up, it's time to test your Apache server. From your desktop computer, try to access your restricted content in a web browser by visiting your URL or static IP address. You will be prompted with a username and password to access the website. If you enter the correct credentials, you will be allowed to access the content. If you enter the wrong credentials or hit 'Cancel' you will see the 'Unauthorized' error page: Conclusion Your website is now secure with password authentication. Remember that password protection should be combined with SSL, so that your credentials are not sent to the server in plain text.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
March 2018
Categories |