[Tfug] Well now it's an Apache security rodeo...

Jim March 1.jim.march at gmail.com
Fri Jul 3 19:05:22 MST 2009


On Fri, Jul 3, 2009 at 4:57 PM, Matt Jacob<matt at mattjacob.com> wrote:
> If you're running Apache as your web server, it's fairly trivial to
> set up HTTP Basic Authentication:
>
> http://httpd.apache.org/docs/2.2/howto/auth.html
>
> Matt

Ehhhh...it ain't working.

Hmmmm.

OK, here's exactly what I did:

1) I figured out where my web-stuff was sitting: /var/www

2) I put a file there name of .htaccess containing:

---
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require user zmuser
---

3) I made sure the directory /usr/local/apache/passwd/passwords
existed with everybody-can-read-it permissions (only root can write).

4) I ran the command:

sudo htpasswd -c /usr/local/apache/passwd/passwords zmuser

...and gave it a password DIFFERENT from the user login password (user
is logging into XUbuntu as zmuser and passwords are NOT default).

And...shouldn't that have done it?

There's directories under /var/www that contain data being served -
should I copy that .htaccess file down into them?

Note that I don't need separate user access levels for multiple
users...there's just the shop owner going to use this.

Thanks!

Jim




More information about the tfug mailing list