9

I'm setting up Trac, and want to password protect the login page, as suggested here. I'm on a shared hosting setup, so I can't modify the httpd.conf; I have to use .htaccess. How do I restrict just the login page without restricting other pages? The Trac docs suggest:

<Location "/trac/login">
  AuthType Basic
  AuthName "Trac"
  AuthUserFile /somewhere/trac.htpasswd
  Require valid-user
</Location>

But the Location tag is only for httpd.conf, it doesn't work in .htaccess. How can I get the same effect? There's no "login" directory to put a .htaccess file into, it needs to go into the main trac directory.

Martin C. Martin

3 Answers

3

This is just a guess, but can you place that in a .htaccess file, minus the <Location> and </Location> tags, inside the /trac/login directory?

Also, be sure to have your htpasswd file outside the document root (commonly public_html), otherwise it can be downloaded and cracked.

mlambie
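
The check recommended in this answer can be automated. The following is an added example, not code from the original posts or from the Trac project: it reads the AuthUserFile directives out of a .htaccess body and reports any password file that sits inside the document root. The sample .htaccess text, the /home/example paths and the default ServerRoot are constructed assumptions.

```python
import os
import re

# Apache directive names are case-insensitive; the path may be quoted.
AUTH_USER_FILE = re.compile(r'^\s*AuthUserFile\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)

# Constructed sample .htaccess body (hypothetical paths).
SAMPLE_HTACCESS = '''\
AuthType Basic
AuthName "Trac"
# AuthUserFile /old/location/trac.htpasswd
AuthUserFile "/home/example/public_html/trac/trac.htpasswd"
Require valid-user
'''


def auth_user_files(config_text):
    """Return every AuthUserFile path named in an Apache config or .htaccess body."""
    paths = []
    for line in config_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out directives are not active
        m = AUTH_USER_FILE.match(line)
        if m:
            paths.append(m.group(1) or m.group(2))
    return paths


def is_web_reachable(password_file, document_root, server_root="/etc/apache2"):
    """True if password_file lies inside document_root, literally or via symlinks."""
    if not os.path.isabs(password_file):
        # Apache resolves a relative AuthUserFile against ServerRoot.
        password_file = os.path.join(server_root, password_file)
    # Check both the path as written and its symlink-resolved form, so that
    # neither a "../" segment nor a symlink on either side hides the overlap.
    files = {os.path.abspath(password_file), os.path.realpath(password_file)}
    roots = {os.path.abspath(document_root), os.path.realpath(document_root)}
    return any(os.path.commonpath([f, r]) == r for f in files for r in roots)


def audit(config_text, document_root, server_root="/etc/apache2"):
    """Return the AuthUserFile paths that a browser could request."""
    return [p for p in auth_user_files(config_text)
            if is_web_reachable(p, document_root, server_root)]


if __name__ == "__main__":
    for path in audit(SAMPLE_HTACCESS, "/home/example/public_html"):
        print("password file inside document root:", path)
```

Apache's default httpd.conf denies requests for files whose names begin with .ht, but a name such as trac.htpasswd is not covered by that rule.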
0

It turns out DreamHost has a page on this very problem. Short answer: there's no good way to do it through Apache configuration, so use the TracAccountManager plugin instead.

Martin C. Martin
-2

In Apache 2.4 this can be done by modifying the AllowOverride directive in the root httpd.conf or specifically for your host.

https://httpd.apache.org/docs/2.4/howto/htaccess.html

<Directory "/www/htdocs">
        AllowOverride All
</Directory>

<Location "/trac/login">
  AuthType Basic
  AuthName "Trac"
  AuthUserFile /somewhere/trac.htpasswd
  Require valid-user
</Location>
JonTheWong