Cookie

Apache: protect the contents of a directory

Published by TheJoe on

Estimated reading time: 2 minutes

Caution


This article was published more than a year ago, there may have been developments.
Please take this into account.

Today we see a rather simple system for restricting access to a given directory available on an Apache web server so that we are prompted for credentials.

Let's say we have it available on the webserver, in addition to the main site, one or more complementary directories, the content of which must be inhibited to the regular user and made available only to those who hold the credentials.

/
 |-> index.html
 |-> style.css
 |-> wordpress
 |-> protected_files

In the example above we have, in addition to files index and style le directory wordpress and protected_files. The first will contain all the contents of the site, the second will contain the files that we want to hide from public browsing, protecting them with a password.

To set a password on Apache it will be enough to create the files .htaccess and .htpasswd within the directory protected_files. Inside .htaccess we will insert the following lines:

AuthType Basic
AuthName "AREA RIVERVATA"
AuthUserFile /web/htdocs/www.sito.it/home/protected_files/.htpasswd
Require valid-user

Be careful to specify the correct internal path to the server, not the address reachable from the outside.

The file .htpasswd it will contain the username and password (of the password, only the hash will be saved). There are several online sites to generate the hash, or the htpasswd command from the apache-utils package (presumably already installed). To generate the content of .htpasswd run the following command from the terminal:

htpasswd -nbBC 10 pippo pluto

-b treats second argument as password (pluto)
-n show password as stdout response (it does not save it to a file)
-B use hashing function “bcrypt”
-C 10 set bcrypt cost to 10 (technically specifies an iterative count of key expansion in a power of two)

Look here:  VNC over SSH for secure connections

In this example we will create the credentials with user “Foo” e password “pluto“. The output will be the following:

pippo:$2y$10$Vr456iXtzafSd21bK8ZTguSTLRcaBFoOMUgA1ZwLJRuFQFf.6QQCW

We paste the output as it is in the file .htpasswd, we upload both files to the directory “protected_files” and reload the page.

User e password su Apache - Screenshot

Not enough?

Add a caption to the photo pop-up with CSS3 The lightest Linux distributions for older computers Security: Choose a password How to reset / reset the administrative password for WordPress Buttons using only CSS
Categories: SecuritySitesTipsWeb
Tags:

TheJoe

I keep this blog as a hobby by 2009. I am passionate about graphic, technology, software Open Source. Among my articles will be easy to find music, and some personal thoughts, but I prefer the direct line of the blog mainly to technology. For more information contact me.

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts

GNU/Linux

F3: how to understand if the USB stick you bought is a rip-off

Caution This article was published more than a year ago, there may have been developments. Please take this into account. Making purchases online is very convenient, but it also exposes us to the risk of a lot of hassle. Read more…

GNU/Linux

Start a webserver quickly with PHP

Caution This article was published more than a year ago, there may have been developments. Please take this into account. I wasn't at home yesterday… And I remembered having an important file in Read more…

GNU/Linux

Send the shutdown command via the power button

Caution This article was published more than a year ago, there may have been developments. Please take this into account. Today we see how to shut down a computer with Debian physically without launching the “poweroff” from line Read more…