HTAccess with 4.x

 


- Author: Daniel Hemmerich [zartik]
- Date: December 26, 2000
- File Information: Available at www.bsdpro.com and www.defcon1.org, e-mail author for permission to copy.
- Purpose: How to effectively use htaccess to help secure your web site's private sections.

To start, we need to create our user file. This is done with the htpasswd program, which is provided with the Apache distribution. Because the user file does not exist yet, the first command needs the -c flag to create it. We will put the user file in /home/dan/users and add the user joe, then add a second user, sam. The second command must not use -c: the flag creates the file again and would erase our joe entry.

$ htpasswd -c /home/dan/users joe
$ htpasswd /home/dan/users sam


Now let us make the .htaccess file. Say you want to prevent people from viewing the directory /home/dan/web/private and its subdirectories (URL http://www.danswebsiteforthishowto.com/private). Create the file /home/dan/web/private/.htaccess and put the following in it:


AuthName "put the name of your private area in here, must be a different name than any other private area on your site"
AuthType Basic
AuthUserFile /home/dan/users
require valid-user


As a side note, if you wanted to let joe in but not sam, you could replace require valid-user with:


require user joe


Your Apache configuration file needs the following lines. The first tells the server that the file name for access control will be .htaccess. The <Files> block that follows prevents, on all sites, anyone from viewing files whose names begin with .ht, because serving them would be an obvious security risk.


AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>


For your Apache server to enable .htaccess, you must put AllowOverride AuthConfig in the <Directory /> directive.
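An added example (not part of the original article): a small Python check that audits a .htaccess like the one above, flagging a missing require line and a password file placed under the web root where the ^\.ht rule would not hide it. The function names and the second sample file are constructed for illustration; the web root /home/dan/web is inferred from the article's paths.

```python
import os
import shlex

def parse_htaccess(text):
    """Map each directive name (lower-cased) to its argument list."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":  # skip blanks, comments, <Files> tags
            continue
        name, *args = shlex.split(line)
        directives[name.lower()] = args
    return directives

def audit(text, docroot):
    """Return a list of problems with the Basic-auth setup in one .htaccess."""
    d = parse_htaccess(text)
    problems = []
    if [a.lower() for a in d.get("authtype", [])] != ["basic"]:
        problems.append("AuthType Basic missing")
    if not d.get("authname"):
        problems.append("AuthName missing")
    if not d.get("require"):
        problems.append("no require line, so nothing is enforced")
    userfile = d.get("authuserfile")
    if not userfile:
        problems.append("AuthUserFile missing")
    elif not os.path.isabs(userfile[0]):
        problems.append("AuthUserFile is relative (resolved against ServerRoot)")
    else:
        path = os.path.normpath(userfile[0])
        root = os.path.normpath(docroot)
        inside = os.path.commonpath([root, path]) == root
        # Only names starting with .ht are covered by the <Files ~ "^\.ht"> rule.
        if inside and not os.path.basename(path).startswith(".ht"):
            problems.append("password file is under the web root and not hidden by ^\\.ht")
    return problems

# The article's file (AuthName shortened) and a constructed bad variant.
ARTICLE = ('AuthName "Private area"\nAuthType Basic\n'
           'AuthUserFile /home/dan/users\nrequire valid-user\n')
BAD = ('AuthName "Private area"\nAuthType Basic\n'
       'AuthUserFile /home/dan/web/private/users\n')

if __name__ == "__main__":
    for label, text in (("article", ARTICLE), ("constructed bad", BAD)):
        print(label, audit(text, "/home/dan/web") or "OK")
```
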

Also, if you have any questions, would like to make any comments, or just have some general input, please contact me at the e-mail address listed above in the Author field.

 

  Zartik

 
