Tuesday 21 June 2011

Htaccess Configuration



1. create file #vi  .htaccess
___________________________________________
AuthName "Authorized Users Only."

AuthType Basic

AuthUserFile /etc/httpd/conf/.htpasswd

require user testusr
-----------------------------------------------------------------------------------------

Copy this file to wherever directory you want to protect

__________________________________________________

2. create user
#adduser   testusr
#passwd   testusr

3. Tell Apache about User

#htpasswd  -c /etc/httpd/conf/.htpasswd  testusr

The above command will work if you have htpasswd in your /usr/local/bin and it happens if you install Apache from RPM. /etc/httpd/conf/.htpasswd is the location of file that will contain the authenticated/trusted user password.

OR

$ cd /apache/bin/

$ ./htpasswd -c /etc/httpd/conf/.htpasswd   testusr

4. .htpasswd File Permission:

chown apache.apache  /etc/httpd/conf/.htpasswd

5. Editing httpd.conf
________________________________________________________

<Directory "/var/www/html">
  AllowOverride AuthConfig
  Order allow,deny
  Allow from all
</Directory>

Now for second case, when we have several sites hosted, i.e. VirtualHost:

<VirtualHost www.cbtcandy.org>
  DocumentRoot /var/www/html/cbtcandy
  ServerName www.cbtcandy.org
  <Directory /var/www/html/cbtcany>

    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
    Options -Indexes
  </Directory>
</VirtualHost>
__________________________________

6. Restart Apache

For RPM based system:

$ service httpd restart

For source based system, adjust your Apache's bin directory path.

$ /apache/bin/apachectl restart
__________________________________________________________________________________________________________

The following code uses your htaccess authentication but incorporates the "Satisfy Any" and "Allow" directives to allow google, CSS and XHTML validation via w3.org, and the web developers IP to access the site without being prompted for a password. Everyone else is prompted for a password.


# Allow google and developers IP access without pw
AuthName "Authorized Users Only."
AuthType Basic
AuthUserFile /etc/httpd/conf/.htpasswd
require user testusr
Order deny,allow
Deny from all
Allow from 24.205.23.222
Allow from w3.org
Allow from htmlhelp.com
Allow from googlebot.com
Allow from google.com
Allow from google-analytics.com
Satisfy Any

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)