Sat, 01/05/2010 - 18:17 — horuskol

If you want to lockdown your website, but do not need a full user access solution built in PHP or ASP, etc, you can make use of a variety of authentication options with Apache.

This example uses the basic authentication methods available to the core of Apache httpd:

AuthUserFile /var/www/your-website/.htpasswd
AuthType Basic
AuthName "Authentication Required"
Require valid-user

.htpasswd file
In order for this to work properly, you will need to create a .htpasswd file (actually, you can call it what you like as long as you point the .htaccess file to it using the AuthUserFile).

To create the file, open a terminal and open the document root for your website. Then enter the following command:

/var/www/your-website$ htpasswd -c .htpasswd admin

You will then be prompted to enter a password for the user to be known as 'admin'. This will create the file with this user.

You can add subsequent users by entering the following:

/var/www/your-website$ htpasswd .htpasswd another-user