Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The "PasswordBasicAuth" page has been changed by thumbs: http://wiki.apache.org/httpd/PasswordBasicAuth?action=diff&rev1=9&rev2=10 Comment: Added examples for 2.4 In this How-To guide, we will show you how to set up a password protected directory using basic authentication. - Authentication directives in Apache can be used in the following contexts - directory and htaccess. For directory context this means in '''<Directory>''', '''<Location>''', and '''<Files>''' blocks in your httpd.conf or your distro's main Apache config file or virtual host config file. Additionally, for Apache 2.2, '''<Proxy>''' blocks are also included in the directory context. The htaccess context is self explanatory. This means you can use authentication directives in htaccess files. In this tutorial, we will show recipes for both contexts. + The first section focuses on Apache httpd 2.2, and the new directives for 2.4 will be covered in the last part of this document. + Authentication directives in Apache httpd can be used in the following contexts - directory and htaccess. For directory context this means in '''<Directory>''', '''<Location>''', and '''<Files>''' blocks in your httpd.conf or your distro's main Apache config file or virtual host config file. Additionally, for Apache httpd 2.2, '''<Proxy>''' blocks are also included in the directory context. The htaccess context is self explanatory. This means you can use authentication directives in .htaccess files. In this tutorial, we will show recipes for both contexts. + - The first thing in this example we need to do is to create a directory to password protect in our document root. Let's say our document root is '''/var/www/html'''. We'll create a directory called '''protected''' in the document root - '''/var/www/html/protected'''. + The first thing we need to do in this example is to create a directory to protect in our document root. Let's say our document root is '''/var/www/html'''. We'll create a directory called '''protected''' in the document root - '''/var/www/html/protected'''. The next thing to do is to create a password file with users. We will use the htpasswd utility provided in the core Apache package. The password file can be stored anywhere on your hard drive. In our example we will create our htpasswd file in '''/etc/htpasswd'''. @@ -72, +74 @@ Using either recipe, you can now go to http://localhost/protected and be prompted by the browser to enter your credentials. If you enter correct credentials you will be granted access to '''protected'''. If you don't enter correct credentials, you will be continually prompted to enter credentials until you enter correct credentials or click the '''Cancel''' button. <<BR>> + For Apache httpd 2.4, the authorization mechanism has been revamped. Here is a sample of a configuration that uses basic HTTP auth for the entire DocumentRoot, and allows public, non-restricted access for a specific directory: + + Assuming a DocumentRoot value of "/srv/httpd/htdocs", + + {{{ + <Directory "/srv/httpd/htdocs"> + Options +FollowSymLinks +Multiviews +Indexes + AllowOverride None + AuthType basic + AuthName "private" + AuthUserFile /srv/httpd/.htpasswd + Require valid-user + </Directory> + + <Directory /srv/httpd/htdocs/public> + Require all granted + </Directory> + }}} + + The password file would be created in the same fashion as it would be on 2.2. + For more complete information on the Apache directives used, see the [[http://httpd.apache.org/docs/|Apache Docs]]. --------------------------------------------------------------------- To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
