[plug] htaccess

[Ben Jensz]

You have to create the .htpasswd file with a utility which comes with Apache
called funnily enough "htpasswd".  To create a new file type:

/path/to/htpasswd -c /var/www/html/private/.passwd valid-user

It'll then prompt you to enter in a password for the username "valid-user".
You don't have to store the .passwd file in the public web server root, you
can store it outside of it and it'll still work and its more secure if you
do as well.  If you store it in a web accessible directory, then name it
".htpasswd" because Apache has a commented out section which denies access
to files called ".htpasswd" which you can uncomment to protect those files
if you want to put them in web accessible directories.

Once the file is created, you can add new users to that file for completely
separate .htaccess auth files elsewhere simply by typing:

/path/to/htpasswd /var/www/html/private/.passwd newuser

It encrypts the passwords in that file, as you'll see if you open it in vi
or cat it.

Also check to make sure you've got AllowOverride set to either "AuthConfig"
or to "All" for the VirtualHost (or default permissions) that you are
putting the .htaccess file into.

Hope that helps..


/ Ben

----- Original Message -----
From: "Joel Fraser" <joel231 at yahoo.com>
To: <plug at plug.linux.org.au>
Sent: Friday, November 09, 2001 9:15 PM
Subject: [plug] htaccess


> I am trying to password protect a file on my webserver using htaccess but
> it doesnt work at all. This is what it says in the .htaccess file:
>
> AuthType Basic
> AuthName "Downloads"
> AuthUserFile    /var/www/html/private/.passwd
> require valid-user
>
> and i have the .passwd file with a username and password as well, any
> suggestions.
>
> Cheers Joel Fraser
>
> =====
>
>
>
>
> http://briefcase.yahoo.com.au - Yahoo! Briefcase
> - Manage your files online.
>