
securitywing


How to Control Directory Access with Htaccess and Htpasswd in Apache

by wing

An .htaccess file is used to control access to directories on the web server. Website administrators normally write an .htaccess file to apply appropriate access control to the files and pages stored in a specific directory. This method of directory access control is useful when you have a small number of users to whom you want to give permission to view your content.

Step 1:

Create an .htaccess file to tell Apache that it needs to authenticate users before allowing access to a particular web directory. This .htaccess file should have read and write permission for the user (owner) and read-only permission for both group and world, which means the file's permission should be 644 (the value of read permission is four (4), write permission is two (2) and execute permission is one (1)).

Requirements: enable the basic authentication module in Apache.

The contents of the .htaccess file are as follows:

AuthUserFile c:\wamp\pwd\.htpasswd
AuthName "Members Only"
AuthType Basic
Require valid-user

Note: AuthUserFile points to the location of the password file, which is saved as an .htpasswd file in the pwd directory. Pwd is just a simple directory that you create to save your password file.

The above .htaccess code has been tested on a WAMP server. If you are developing your web applications on WAMP, you can copy the above lines, paste them into a text file and save it as .htaccess. Remember that when you try to save this file with a dot (.) in front of htaccess, your OS may not let you save it. So, save it using double quotes around the name, just like this: ".htaccess"

The pwd folder is just a folder created to store the .htpasswd file. You can store this password file either in a newly created folder or in any other location. To avoid a security risk, in the above case the pwd folder has been put outside the publicly available www directory.

Step 2:

Creating a password with the htpasswd command-line tool

Open the command prompt (cmd) in Windows.

Then change to the following directory if you have installed WAMP on your C drive:

C:\wamp\bin\apache\Apache2.4.4\bin

Next, type the following command to create the password file with a user name and password:

htpasswd -c c:/wamp/pwd/.htpasswd mark

Here the -c is used to create the .htpasswd file for the first time.


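Note: Apache 2.4 has an issue with opening a file with an encrypted password. If you face any such problem, use the following command to create your password (in encrypted form) and user name. Be aware that -b takes the password as a command-line argument, so it is visible on screen and in the command history.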

htpasswd -b passwdfile username password

Alternatively, you can type the following in a text file and save it as .htpasswd:

mark:1234

Here mark is the user name and the number (1234) after the colon is the password. The problem with creating the password in a text file is that the password will not be encrypted. You need to use the PHP crypt() function to encrypt it. The main advantage of creating the user name and password with the htpasswd tool is that it automatically encrypts the password.

The simple two steps to create a password protected page or directory

  1. Create a password file using htpasswd utility and store the password file anywhere. For example, you can put this password file in the htpasswd directory.
  2. Next, create an .htaccess file and put this file inside the directory that you want to protect.

Note: never store your password file within the URI space of your webserver. You should remember that the password file must be in a location that is readable by the webserver. In addition, you must not store a password file in a password-protected directory.
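The two risks described above (a hand-typed password file with unencrypted passwords, and a password file placed inside the web root) can be checked mechanically. The following is an added example, not code from the original article: the function names, the sample password file and the c:/wamp/www document root are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input: the article's .htaccess and a hand-typed password file.
SAMPLE_HTACCESS = ('AuthUserFile c:\\wamp\\pwd\\.htpasswd\nAuthName "Members Only"\n'
                   'AuthType Basic\nRequire valid-user\n')
SAMPLE_HTPASSWD = "mark:1234\nanna:$apr1$EXAMPLE0$constructedNotARealHash\n"

HASHED = {"$apr1$": "apr1-md5", "$2y$": "bcrypt", "{SHA}": "sha1"}  # hash prefixes

def auth_user_file(htaccess_text):
    """Return the AuthUserFile path from .htaccess text, or None."""
    for line in htaccess_text.splitlines():
        m = re.match(r'\s*AuthUserFile\s+"?([^"]+?)"?\s*$', line, re.I)
        if m:
            return m.group(1)
    return None

def inside_docroot(pw_path, docroot):
    """True if the password file sits under the web root (URI space)."""
    pw, root = PureWindowsPath(pw_path), PureWindowsPath(docroot)
    return root == pw or root in pw.parents

def classify_entry(line):
    """Return (user, scheme) for one user:password line."""
    user, _, secret = line.strip().partition(":")
    for prefix, scheme in HASHED.items():
        if secret.startswith(prefix):
            return user.strip(), scheme
    # Heuristic: 13 characters of the crypt alphabet is treated as a crypt() hash.
    if re.fullmatch(r"[./0-9A-Za-z]{13}", secret):
        return user.strip(), "crypt"
    return user.strip(), "plaintext"

def audit(htaccess_text, htpasswd_text, docroot):
    """List the problems the article warns about; docroot is supplied by the caller."""
    findings = []
    path = auth_user_file(htaccess_text)
    if path is None:
        findings.append("no AuthUserFile directive")
    elif inside_docroot(path, docroot):
        findings.append(f"password file {path} is inside the web root")
    for line in filter(str.strip, htpasswd_text.splitlines()):
        user, scheme = classify_entry(line)
        if scheme == "plaintext":
            findings.append(f"user {user}: password stored in plaintext")
    return findings

print(audit(SAMPLE_HTACCESS, SAMPLE_HTPASSWD, "c:/wamp/www"))  # assumed WAMP web root
```

To check a real setup, pass the contents of your own .htaccess and .htpasswd files and the actual document root to audit().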

More information about basic authentication can be found at wiki.apache.org/httpd/PasswordBasicAuth
