 |
 |
Password Protect a Directory in Apache
|
|
|
|
|
Addicted to MacNN
Join Date: Jan 2000
Location: Stoneham, MA, USA
Status:
Offline
|
|
Can someone help me add password protection to a directory in Apache? I looked it up in the Apache docs but its to confusing and I wasn't able to get it working.
|
|
|
| |
|
|
|
|
|
|
|
Occasionally Useful
Join Date: Jun 2001
Location: Liverpool, UK
Status:
Offline
|
|
|
|
|
"Have sharp knives. Be creative. Cook to music" ~ maxelson
|
| |
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Sep 2000
Location: France
Status:
Offline
|
|
After you go over the steps from the link posted above, you'll need to do one extra step to ensure it works correctly : open the file httpd.conf located in /etc/httpd and, after the line "<Directory "/Library/WebServer/Documents>" change "AllowOverride None" to "AllowOverride All".
You'll need to restart the server after that (sudo apachectl graceful) to make the change happen.
|
|
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Jan 2000
Location: Stoneham, MA, USA
Status:
Offline
|
|
Originally posted by Axel:
After you go over the steps from the link posted above, you'll need to do one extra step to ensure it works correctly : open the file httpd.conf located in /etc/httpd and, after the line "<Directory "/Library/WebServer/Documents>" change "AllowOverride None" to "AllowOverride All".
You'll need to restart the server after that (sudo apachectl graceful) to make the change happen.
My server documents are no longer in thier defualt locations, and I have virtual hosts... so
do I add AllowOverride All to my Directory container for this whole site, or do I create a seperate Directory Container for this specific protected directory, and add AllowOverride All to that container?
|
|
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Jan 2000
Location: Stoneham, MA, USA
Status:
Offline
|
|
Nevermind. I don't even have .htaccess files turned on, so I made the new directory, put eveyrthing they said to put in the .htaccess file, in the directory in httpd.conf, and it works great!
|
|
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Sep 2001
Location: Chico, CA and Carlsbad, CA.
Status:
Offline
|
|
Ooooh, neat. This is a good trick to know. 
Now, the option to "AllowOverride", what exactly are you overriding?
|
"In Nomine Patris, Et Fili, Et Spiritus Sancti"
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Jan 2000
Location: Stoneham, MA, USA
Status:
Offline
|
|
Originally posted by [APi]TheMan:
Ooooh, neat. This is a good trick to know.
Now, the option to "AllowOverride", what exactly are you overriding?
I actually didn't need to use any such line.
|
|
|
| |
|
|
|
|
|
|
|
Professional Poster
Join Date: Oct 2001
Location: London
Status:
Offline
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Jun 2001
Location: Melbourne, Australia
Status:
Offline
|
|
Originally posted by l008com:
I actually didn't need to use any such line.
It's better performance-wise if you set AllowOverride None in your default httpd.conf, then turn it on on a per-directory basis within each of your virtual hosts. Otherwise Apache will traverse through your folder structure for each request rather than through only the necessary folders.
So for a brief example:
<VirtualHost 10.0.1.1:80>
AllowOverride None
Order allow,deny
Allow from all
<Directory "/path/to/protected/folder">
AllowOverride AuthConfig
</Directory>
</VirtualHost>
This sets the default override to None for speed, then only allows your .htaccess file in your protected folder to change settings for Password protection
|
|
Computer thez nohhh...
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Jan 2000
Location: Stoneham, MA, USA
Status:
Offline
|
|
Originally posted by Simon Mundy:
It's better performance-wise if you set AllowOverride None in your default httpd.conf, then turn it on on a per-directory basis within each of your virtual hosts. Otherwise Apache will traverse through your folder structure for each request rather than through only the necessary folders.
So for a brief example:
<VirtualHost 10.0.1.1:80>
AllowOverride None
Order allow,deny
Allow from all
<Directory "/path/to/protected/folder">
AllowOverride AuthConfig
</Directory>
</VirtualHost>
This sets the default override to None for speed, then only allows your .htaccess file in your protected folder to change settings for Password protection
I have overrides off everywhere for speed, and what goes in teh htaccess file i put in a directory in the httpd.conf, that would be the fastest way to do it right?
|
|
|
| |
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Jun 2001
Location: Melbourne, Australia
Status:
Offline
|
|
Originally posted by l008com:
I have overrides off everywhere for speed, and what goes in teh htaccess file i put in a directory in the httpd.conf, that would be the fastest way to do it right?
Indeed, it would be faster to simply put all the info from the .htaccess file into a directory within your virtual host container in the httpd.conf file, and simply do away with the .htaccess file altogether!
.htaccess files are handier if you are an end-user who doesn't get control over the primary apache configuration (typically in an ISP situation) or you just don't want to tool around too much with the .conf files. But there is a performance tradeoff.
If you fine-tune your httpd.conf file you'll get much better performance and 'cleaner' folders within your website.
If you like, post an example of one of your Virtual Host containers (with the names and IP addresses changed to protect the innocent) and we can comment on it in more detail.
|
|
Computer thez nohhh...
|
| |
|
|
|
|
|
|
|
Professional Poster
Join Date: Oct 1999
Location: :ИOITAↃO⅃
Status:
Offline
|
|
Also, may I recommend Digest authentication if you don't want passwords transmitted in the clear.
I've compiled the up-to-date mod_auth_digest module for OS X; you can download it here.
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
