
securitywing

How to Control Directory Access with Htaccess and Htpasswd in Apache

by wing

 

An .htaccess file is used to control access to directories on the web server. Normally, website administrators write an .htaccess file to apply appropriate access control to the files and pages stored in a specific directory. This method of directory access control is useful when you have a small number of users to whom you want to give permission to view your content.

Step 1:

Create an .htaccess file to tell Apache that it needs to authenticate users before allowing access to a particular web directory. This .htaccess file should have read and write permission for the user and read-only permission for both group and world, which means the file's permission should be 644 (the value of read permission is four (4), write permission is two (2) and execute permission is one (1)).

Requirements: enable the basic authentication module in Apache.

The contents of the .htaccess file are as follows:

AuthUserFile c:\wamp\pwd\.htpasswd

AuthName "Members Only"

AuthType Basic

require valid-user

Note: the AuthUserFile directive points to the location of the password file, which is saved as an .htpasswd file in the pwd directory. Pwd is just a simple directory that you create to hold your password file.

The above .htaccess code has been tested on a WAMP server. If you are developing your web applications on WAMP, you can copy the above lines, paste them into a text file and save it as .htaccess. Remember that when you try to save this file with a dot (.) in front of htaccess, your OS may not let you save it. So, save it with the name in double quotes, like this: ".htaccess"

The pwd is just a folder created to store the .htpasswd file. You can store this password file either in a newly created folder or in any other location. To avoid a security risk, in the above case the pwd folder has been placed outside the publicly available www directory.

 

Step 2:

 

Creating a password with the htpasswd command line

Open the command prompt (cmd) in Windows.

Then change to the following directory if you have installed WAMP on your C drive:

C:\wamp\bin\apache\Apache2.4.4\bin

Next, type the following command to create the password file with a user name and password:

htpasswd -c c:/wamp/pwd/.htpasswd mark

Here the -c option is used to create the .htpasswd file for the first time. Omit -c when you add further users, because it overwrites an existing file.


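Note: Apache 2.4 has an issue with opening a file with an encrypted password. If you face any such problem, use the following command to create your user name and password (in encrypted form). The -b option takes the password from the command line instead of prompting for it, so it is visible on screen: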

htpasswd -b passwdfile username password

Alternatively, you can type the following in a text file and save it as .htpasswd.

mark:1234

Here mark is the user name and the number (1234) after the colon is the password. The problem with creating the password in a text file is that the password will not be encrypted. You need to use the PHP crypt() function to encrypt it. The main advantage of creating the user name and password with the htpasswd tool is that it automatically encrypts the password.
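An added example (not from the original article) that reads the text of an .htpasswd file and reports entries stored as plaintext, like the hand-typed one above, or in a format the htpasswd manual labels insecure. The function names and the sample entries are assumptions made for the illustration.

```python
import base64
import hashlib
import re

# Formats httpd can verify; False marks those the htpasswd manual labels insecure.
PREFIXES = [
    (("$2y$", "$2a$", "$2b$"), "bcrypt", True),
    (("$apr1$",), "apr1-md5", True),
    (("$5$", "$6$"), "sha2-crypt", True),  # needs platform crypt() support
    (("{SHA}",), "sha1-unsalted", False),
]
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")  # heuristic for crypt(3) DES

def classify(secret):
    """Return (scheme, ok) for the text after the first colon of an entry."""
    for prefixes, scheme, ok in PREFIXES:
        if secret.startswith(prefixes):
            return scheme, ok
    if DES_CRYPT.match(secret):
        return "des-crypt", False
    return "plaintext", False

def audit(text):
    """Return (line_no, user, finding) for every entry that needs attention."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        user, sep, secret = line.partition(":")
        if not sep:
            findings.append((no, line, "malformed"))
            continue
        if user != user.strip():
            findings.append((no, user, "whitespace-in-username"))
        scheme, ok = classify(secret)
        if not ok:
            findings.append((no, user.strip(), scheme))
    return findings

# Constructed sample file; the hash-shaped values are placeholders, not real hashes.
SAMPLE = "\n".join([
    "alice:$2y$05$" + "a" * 53,
    "bob:$apr1$saltsalt$" + "b" * 22,
    "carol:{SHA}" + base64.b64encode(hashlib.sha1(b"1234").digest()).decode(),
    "mark:1234",  # hand-typed entry in the style the article shows
])

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Entries it reports should be regenerated with the htpasswd tool rather than edited by hand.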

The two simple steps to create a password-protected page or directory:

  1. Create a password file using htpasswd utility and store the password file anywhere. For example, you can put this password file in the htpasswd directory.
  2. Next, create an .htaccess file and put this file inside the directory that you want to protect.

Note: never store your password file within the URI space of your webserver. You should remember that the password file must be in a location that is readable by the webserver. In addition, you must not store a password file in a password-protected directory.
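An added example (not part of the original article) that checks an .htaccess file like the one in Step 1 against the note above: it confirms the Basic authentication directives are present and that AuthUserFile points outside the document root. The document root C:\wamp\www and the function names are assumptions.

```python
import ntpath
import re
from pathlib import PureWindowsPath

DIRECTIVE = re.compile(r"^\s*([A-Za-z]+)\s+(.+?)\s*$")  # "Name argument(s)"

def parse_htaccess(text):
    """Map lower-cased directive name to its argument; comment lines do not match."""
    found = {}
    for line in text.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            found[m.group(1).lower()] = m.group(2).strip('"')
    return found

def check_htaccess(text, docroot):
    """Return the problems found in a Basic-auth .htaccess on a Windows host."""
    conf, problems = parse_htaccess(text), []
    if conf.get("authtype", "").lower() != "basic":
        problems.append("AuthType Basic is missing")
    if "require" not in conf:
        problems.append("Require line is missing")
    pw = conf.get("authuserfile")
    if pw is None:
        return problems + ["AuthUserFile is missing"]
    # Collapse ".." and fold case: Windows paths are case-insensitive.
    pw_path = PureWindowsPath(ntpath.normpath(pw).lower())
    root = PureWindowsPath(ntpath.normpath(docroot).lower())
    if not pw_path.is_absolute():
        problems.append("AuthUserFile is relative to ServerRoot")
    elif root == pw_path or root in pw_path.parents:
        problems.append("password file is inside the document root")
    return problems

DOCROOT = r"C:\wamp\www"  # assumed document root of the WAMP install
GOOD = r'''
AuthUserFile c:\wamp\pwd\.htpasswd
AuthName "Members Only"
AuthType Basic
require valid-user
'''
# Constructed bad case: password file placed below the document root.
BAD = GOOD.replace(r"c:\wamp\pwd", "C:/wamp/www/members")

if __name__ == "__main__":
    print(check_htaccess(GOOD, DOCROOT), check_htaccess(BAD, DOCROOT))
```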

More information about basic authentication can be found at wiki.apache.org/httpd/PasswordBasicAuth
