Apache: protect the contents of a directory

Published by TheJoe on

Estimated reading time: 2 minutes

Today we see a rather simple system for restricting access to a given directory available on an Apache web server so that we are prompted for credentials.

Let's say we have it available on the webserver, in addition to the main site, one or more complementary directories, il cui contenuto debba essere inibito all’utente abituale e reso disponibile solo a chi detiene le credenziali.

 |-> index.html
 |-> style.css
 |-> wordpress
 |-> protected_files

Nell’esempio qui sopra abbiamo, oltre ai file index and style le directory wordpress and protected_files. La prima conterrà tutti i contenuti del sito, la seconda conterrà i file che vogliamo nascondere dalla navigazione pubblica, proteggendoli con una password.

Per impostare una password su Apache sarà sufficiente creare i file .htaccess and .htpasswd all’interno della directory protected_files. All’interno di .htaccess inseriremo le righe seguenti:

AuthType Basic
AuthUserFile /web/htdocs/
Require valid-user

Prestare attenzione a specificare il percorso corretto interno al server, not the address reachable from the outside.

The file .htpasswd it will contain the username and password (of the password, only the hash will be saved). There are several online sites to generate the hash, or the htpasswd command from the apache-utils package (presumably already installed). To generate the content of .htpasswd run the following command from the terminal:

htpasswd -nbBC 10 pippo pluto

-b treats second argument as password (pluto)
-n show password as stdout response (it does not save it to a file)
-B use hashing function “bcrypt”
-C 10 set bcrypt cost to 10 (technically specifies an iterative count of key expansion in a power of two)

In this example we will create the credentials with user “Foo” e password “pluto“. The output will be the following:

Foo:$2and $ 10 $ Vr456iXtzafSd21bK8ZTguSTLRcaBFoOMUgA1ZwLJRuFQFf.6QQCW

We paste the output as it is in the file .htpasswd, we upload both files to the directory “protected_files” and reload the page.

Look here:  Change the dpi / ppi of an image with Gimp
User e password su Apache - Screenshot


I keep this blog as a hobby by 2009. I am passionate about graphic, technology, software Open Source. Among my articles will be easy to find music, and some personal thoughts, but I prefer the direct line of the blog mainly to technology. For more information contact me.


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.