Monday, January 28, 2008

Password protecting webpages

Our task is to control the access the particular website.

1. cd /etc/httpd/conf

2. vi httpd.conf

3. Change the line that says
AllowOverride None
to
AllowOverride AuthConfig

4. While doing the above changes on the httpd.conf file be sure not to change the first ocurance change the second ocurrance.

5. Before doing any changes take a backup of httpd.conf file

6. You should now identify the folders under your webserver you would like to protect.

7. On a Linux server the actual directory path would be
/var/www/html/test
So on the web browser it would be
http://www.test.com/test

8. Once you identify which directory you will have to protect then inside that directory create one file .htaccess

9. vi .htaccess
AuthName "Login to the website"
AuthType Basic
AuthUserFile /var/www/html/test/.htpasswd
Require user sushanth

10. Note that AuthName requires quotes and whatever is in the quotes will be displayed on the login window.

11. Also be sure to include the user login names of the people who want to access the web site, next to the Require user line. In the above example is added my name.

12. Now create .htpasswd file in the same folder, in my case under test.

13. cd /var/www/html/test

14. htpasswd -cmb .htpasswd sushanth test123

15. Note that you must use your own name and password (replace sushanth and test123) and that the option cmb does the following: First it forces Creating of a new .htpasswd file. Since this is your first time adding a user it is necessary. Next the m option forces encryption and b allows you to include the user name and password immediately. In my case I created a new .htpasswd file, then added the user sushanth and her password test123.

16. Restart the apache services

17. test the website
www.test.com/test

18. There may come a time when you need to delete users from the access. You can do this easily enough by again editing the .htaccess file and running a command to delete the user from the .htpasswd file.

19. First, edit the .htaccess file and remove the user you do not wish to allow access to and save the file.

20. Second, delete the user from the .htpasswd file by typing this command at the prompt: htpasswd D sushanth
The option D is for delete. It should prompt you that user sushanth was deleted.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)