Saturday, 2 February 2008

Basic authentication using a .htaccess file

This is most of all a note to my self as I am currently implementing basic authentication on a domain hosted at on an apache platform, but I thought I would share it.

This is the way I suggest you do it on a domain:


AuthUserFile /customers/yourdomain/yourdomain/httpd.www/_private/.htpasswd
AuthGroupFile /dev/null
AuthName "Message to present in login box"
AuthType Basic

<Limit GET POST>
require valid-user

Remember the limit part as it tells what parts to protect. If you leave that part out the .htaccess file will do nothing.

Now you should create a .htpasswd file and place it in the _private folder on your domain to prevent others from gaining direct access to the file.

If you have the htpasswd tool on your machine you can execute the following to create a .htpasswd file:
htpasswd -c .htpasswd foobar
Afterwards you can add new users by executing:
htpasswd .htpasswd foobar
Otherwise you can use this online password generator and just paste the result into your .htpasswd file.