.htpasswd and .htaccess

Discussion in 'Server Operation' started by willebanks, Sep 5, 2006.

  1. willebanks

    willebanks New Member

    Howdy all,

    Just a random question...I want to require user authentication via .htaccess for one of my virtual websites...I noticed that there are a number of locations where htpasswd resides. One of then seems to be tied to IPSConfig...or at least it is in the "path". Does it matter which htpasswd I use?

    I wouldn't think so but being new to most of this I want to be sure before I do something drastic and screw everything up!

  2. reddog

    reddog New Member

    hey willie

    you could try adding something like this in your httpd.conf
    <Directory "/your/path/to/htdocs/thedirectoryyouwanttoprotect">
        AuthType Basic
        AuthName "Restricted"
        AuthUserFile /path/to/apache2/passwds/.htpasswd
        require valid-user
    now, htaccess files are supposed to be a hit on performance of apache, because apache searches recursivly for your htacces files, using a directory directive is supposed to maintain performance. I could be a bit off on this, but thats the way i interpreted it.

    btw, i dont use ispconfig, so things may be a bit different, i dont know:D

    check this page out here: http://httpd.apache.org/docs/trunk/mod/core.html#directory

    good luck !
  3. willebanks

    willebanks New Member

    Hey reddog,

    You kinda got a little ahead of me there...but you answered my next question I think! :}) Here is the first one in more detail!

    In order to use the .htaccess file you have to make a .htpass file which requires the use of the htpasswd file..at least that is the way I reading things! The problem is that there are a number of htpasswd files on my system and I'm not sure if it matters which one I use to generate the .htpass file???

    Now for those that are using ISPConfig, in the http.conf there is a section that includes the directory path to all the virtual websites...in the directives the statements

    AllowOverride None
    AllowOveride Indexes AuthConfig Limit FileInfo

    pertain to the use of .htaccess file - again this is the way I'm understanding things. I should be able to use the .htaccess file in any of the virtual web sites with no problem or is there something I'm missing!

    Can I use the suggestion that reddog gave or is everything all ready setup?

    I hate over thinking things but I really don't what to screw up the works!

  4. falko

    falko Super Moderator ISPConfig Developer

    You can use any .htpasswd file, but then of course only the users that are listed in the .htpasswd file can authenticate. For access control you can use this in your .htaccess file, for example (put in the correct path to your .htpasswd file):

    AuthType Basic
    AuthName "Members Only"
    AuthUserFile /var/www/web1/.htpasswd
    <limit GET PUT POST>
    require valid-user
    You can also create a new .htpasswd file with the htpasswd tool. Have a look at
    man htpasswd
    .htaccess/.htpasswd authentication is no problem with the current settings, you don't have to change anything. :)
  5. willebanks

    willebanks New Member

    As usual you guys are on top with the advise and the right information!

    thank you!


Share This Page