I have a setup similiar to this
httpd.conf, example
Im not a pro and this example may be bad but I use a similiar setup myself (it works) and if someone can add best-practise-knowledge would I be more then happy.Code:<Directory "/path/to/directory/to/protect/"> Options Indexes FollowSymLinks MultiViews ExecCGI Includes AllowOverride AuthConfig Order allow,deny Allow from all AuthUserFile /path/to/directory/to/protect/.htpasswd AuthName "Login" AuthType Basic <Limit GET POST> require valid-user </Limit> </Directory>
(You may also want to change the "Options" line to suit you better then in my example).
If you add these lines above to the httpd.conf then you will not need to create the .htaccess file. But I added a example below just incase you not have access to the httpd.conf.
One thing: Its not good practice to have the .htpasswd file in the directory you want to protect (like in the example) but sometimes you don't have access to a directory outside the http/web-directory, if possible store the .htpasswd file at another location not direct accessible for visitors.
.htpasswd, example
Generate the pasword file with 'htpasswd', sometimes has it failed for me to create it direct were I want it, so I had to create it first and then cp or mv it to the correct location.
.htpaccess, example
Hope this will be to any help.Code:AuthUserFile /path/to/directory/to/protect/.htpasswd AuthName "Login" AuthType Basic <Limit GET POST> require valid-user </Limit>
~micael
Reply With Quote