Password Protecting a Location/Directory

From Zanecorpwiki

Jump to: navigation, search

Either in the main configuration or within a VirtualHost directive, add a directory directive with something like the following: 

<Directory /the/directory/to/protect>
  AuthType Basic
  AuthName "Restricted Files"
  AuthUserFile /usr/local/apache/passwd/passwords
  Require valid-user
</Directory>

If you're serious about security, you'll need this within a secure server and you'll want to add the following to the non-secure virtual host if they cover the same ground: 

<Directory /the/directory/to/protect>
  Order deny,allow
  Deny from all
</Directory>

This would deny access via HTTP and thereby provide basic protection to user passwords which would otherwise potentially be sent as clear text across a non-secure channel.

Retrieved from "http://www.zanecorp.com/wiki/index.php/Password_Protecting_a_Location/Directory"
Personal tools
NEW CHANGED