Friday, April 19, 2013

Create .htaccess & .htpasswd files for your web projects


Make secure your web Project in Apache using .htaccess

Create a filename .htaccess and put following content in it.

AuthName "Restricted Area"  AuthType Basic  AuthUserFile /opt/lampp/.htpasswd  AuthGroupFile /dev/null  require valid-user

Create a filename .htpasswd and generate a password using following site.
http://www.htaccesstools.com/htpasswd-generator/

Enter Username and Password. Click on create.
Now copy the generated line and paste into your .htpasswd file.
The .htpasswd file contains only this, a username:encrypted password

root:$apr1$7I58.7SX$zkt0..fl0ZBwU3ShGpDjZ1

a) In .htaccess file, AuthUserFile is path of the directory, where .htpasswd file is placed.
In above example I am trying to make my phpmyadmin password protected that's why I have put my .htpasswd file in parent directory and .htaccess file in /opt/lampp/phpmyadmin.
Now when I try to access http://localhost/phpmyadmin , It asks password to open the phpmyadmin.

b) Put the .htpasswd file in parent directory of the password protected directory and place the .htaccess in directory which you want to protect.

c) In above example username is root & password is linux.

d) It asks for password when directory is accessed through browser.

e) Once you put the log-in details and open your website, you have to close the browser completely to see the log-in box again. It does not ask the password every time you refresh the page.


To protect a single file instead of whole directory


If you do not want to protect whole directory instead of you want to protect single file.
Example : If you or anyone in LAN access your phpinfo.php , you want it should ask password.
In this case the contents of .htaccess file is
AuthName "Name of Page" AuthType Basic AuthUserFile /opt/lampp/htdocs/.htpasswd <Files "phpinfo.php"> require valid-user </Files>

Put the .htaccess in the directory where file you want to  protect is placed.

In this example, I want to protect my phpinfo.php. This file is placed in /opt/lampp/htdocs/xampp that's why I have put the .htaccess in xampp directory and .htpasswd in parent directory of xampp.

It will ask for password when user tries to access that file using browser.
http://localhost/xampp/phpinfo.php
But it will not ask for password if you try to access the directory.

No comments:

Post a Comment