Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: How to use .htaccess and .htpasswd |
|
| Author |
|
Robotbuilder
Joined: 23 Jan 2014
Posts: 6
|
 Posted: Sun 26 Jan '14 5:06 Post subject: How to use .htaccess and .htpasswd |
 |
|
| I am have trouble using .htaccess and .htpasswd to password-protect a directory on my web server. How do I use .htaccess and .htpasswd to protect a directory? |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Mon 27 Jan '14 2:26 Post subject: |
|
|
from the command line is Apache's /bin folder
htpasswd -bc /path/to/.htpasswd username1 password1
htpasswd -b /path/to/.htpasswd username2 password2
* note only -b is used from the second user/pass set on as -c creates a new file or in this case overwrites the one you just started
In the .htpasswd file it should then look similar to:
username1:$apr1$MRh5y2ih$6LZcanCsIdyNGBT2KzUFs1
username2:$apr1$XVu7nTcd$Is67aPCgKLopofAH7Blcu.
The stuff after the $apr1$ will be different
In the .htaccess file;
AuthName "Can be anything you want here"
AuthType Basic
AuthUserFile /path/to/.htpasswd
Require valid-user |
|
| Back to top |
|
Robotbuilder
Joined: 23 Jan 2014
Posts: 6
|
| Posted: Tue 28 Jan '14 0:08 Post subject: |
|
|
So I would type in to my command prompt: htpasswd -bc /path/to/.htpasswd username1
to create a new .htaccess file? Of course I would fill in the file path and type in my username. |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Tue 28 Jan '14 7:43 Post subject: |
|
|
Yes, don't forget your password (which is what the b in -bc means).
| Code: | Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Apache24\bin>htpasswd
Usage:
htpasswd [-cimBdpsDv] [-C cost] passwordfile username
htpasswd -b[cmBdpsDv] [-C cost] passwordfile username password
htpasswd -n[imBdps] [-C cost] username
htpasswd -nb[mBdps] [-C cost] username password
-c Create a new file.
-n Don't update file; display results on stdout.
-b Use the password from the command line rather than prompting for it.
-i Read password from stdin without verification (for script usage).
-m Force MD5 encryption of the password (default).
-B Force bcrypt encryption of the password (very secure).
-C Set the computing time used for the bcrypt algorithm
(higher is more secure but slower, default: 5, valid: 4 to 31).
-d Force CRYPT encryption of the password (8 chars max, insecure).
-s Force SHA encryption of the password (insecure).
-p Do not encrypt the password (plaintext, insecure).
-D Delete the specified user.
-v Verify password for the specified user.
On other systems than Windows and NetWare the '-p' flag will probably not work.
The SHA algorithm does not use a salt and is less secure than the MD5 algorithm.
C:\Apache24\bin>htpasswd -bc .htpasswd joedirt parentsabandonedme
Adding password for user joedirt
C:\Apache24\bin>htpasswd -b .htpasswd georgejungle treeahead
Adding password for user georgejungle |
|
|
| Back to top |
|
|
|
|
|
|
