• apache comes with built-in poorman's authentication: htpasswd
  • use only over SSL (SSLRequireSSL)
  • four directives: AuthUserFile, AuthGroupFile, AuthName, AuthType
  • Put directives in .htaccess of directory to be protected
    • AuthUserFile /home/jeremy/.htpass
# the name of the file that contains the passwords -- add with htpasswd
AuthGroupFile /dev/null
# usually set to /dev/null
AuthName "My Web Page's Secret Section"
# the text that appears on the login box
AuthType Basic

Require valid-user
#without the above line, ANY user/pass will work!
  • AuthUserFile should be placed outside DocumentRoot for security reasons
    • INDEX
    PREVIOUS
    Master Index