I would like to protect a web folder via .htpasswd. However, as the .htaccess file is under version control, I would prefer to not mess with it.

Instead, I would like to have the configuration in
/etc/apache2/sites-enabled/mysite
/etc/apache2/.htpasswd

Any idea what I need to put in the "mysite" apache configuration file?

So far it is something like this:

<VirtualHost (ip address):80>
  ServerName   my.domain
  DocumentRoot /var/sites/sitename
  ServerAdmin  ...
</VirtualHost>
donquixote

1 Answer

Eureka, I figured it out myself... or what I think to be the solution.

<VirtualHost (ip address):80>
  ServerName   my.domain
  DocumentRoot /var/sites/sitename/
  ServerAdmin  ...
  <Directory /var/sites/sitename/>
    AuthUserFile  /etc/apache2/.htpasswd
    AuthGroupFile /dev/null
    AuthName  "What is the pw"
    AuthType Basic
    require user (username)
  </Directory>
</VirtualHost>

The .htpasswd can be created in the usual way via the command line:

# htpasswd -c /etc/apache2/.htpasswd (username)

EDIT: anthony in the comment below strongly recommends you use https/SSL, to prevent the password from being sent unencrypted.

donquixote
  • As a note, I tried this before without the nested <Directory>, and this resulted in an error on apache restart. So, it seems the "<Directory>" is necessary to wrap the Auth configuration. – donquixote Sep 26 '11 at 15:20
  • WARNING: this is being done in HTTP protocol, which essentially means your users will be sending usernames and passwords in the clear across the network. You need to also ensure the directory is ONLY accessible via the HTTPS (SSL) protocol, and you should ensure any automatic redirect from HTTP to HTTPS happens BEFORE the authentication is queried. – anthony Jan 24 '18 at 06:05
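
The layout the warning above asks for, as an added example that is not part of the original answer or comments: the port 80 virtual host only redirects and carries no Auth directives, so the password prompt can only appear over TLS. It assumes Apache 2.4 with mod_ssl and mod_alias enabled; `*:80`/`*:443`, the certificate paths and the realm name are placeholders.

```apache
# Added example, not the poster's configuration.
# Hostname, document root and .htpasswd path are taken from the question;
# the certificate paths and the realm text are placeholders.

# Port 80: redirect only. No DocumentRoot and no Auth* directives, so the
# browser is sent to HTTPS before it is ever asked for credentials.
<VirtualHost *:80>
  ServerName my.domain
  Redirect permanent / https://my.domain/
</VirtualHost>

# Port 443: the only virtual host that serves the directory and asks for
# a password.
<VirtualHost *:443>
  ServerName   my.domain
  DocumentRoot /var/sites/sitename/

  SSLEngine on
  # Placeholder certificate and key locations.
  SSLCertificateFile    /etc/ssl/certs/my.domain.pem
  SSLCertificateKeyFile /etc/ssl/private/my.domain.key

  <Directory /var/sites/sitename/>
    # Defence in depth: refuse this directory over plain HTTP even if a
    # later configuration change maps it into a non-TLS virtual host.
    SSLRequireSSL

    AuthType          Basic
    AuthName          "Restricted"
    AuthBasicProvider file
    # Kept outside the document root and outside version control.
    AuthUserFile      /etc/apache2/.htpasswd
    # Any user listed in the file; use "Require user (username)" to limit
    # access to named accounts as in the answer above.
    Require           valid-user
  </Directory>
</VirtualHost>

# Check syntax before reloading:  apachectl configtest
```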