Don’t hesitate to contact us if you have any feedback.

htpasswd – easy setup

by

Victor

in

Using a .htpasswd file is a common method to add an authentication layer to your folders or websites accessible via an Apache web server. Here is a step-by-step guide to setting this up:

Find the path of your website

Add a PHP file named show-path.php at the root of your website containing: 

<?php echo dirname(__FILE__) . '/.htpasswd'; ?>

This script will help you find the full server path to the root of your site, which is essential for correctly setting up the .htpasswd file.

Copy the displayed address.

Fill the .htaccess file

AuthUserFile [Previously copied address]/.htpasswd
AuthType Basic
AuthName "Authentification"
Require valid-user

Replace [Previously copied address] with the path you copied previously. This snippet of code configures the basic authentication settings, including the location of the .htpasswd file.

Create the .htpasswd file and clean-up

  1. Visit https://www.web2generators.com/apache-tools/htpasswd-generator
    • Enter a Username, a Password, and click on “Generate .htpasswd file”.
    • Create an entry in the password manager with the site, username, and password, setting the service name as htaccess.
    • Copy the generated line in the format like Username:$apr1$o3htr569$W8D95MkyuTfBmMlxidUR01
    • Create a .htpasswd file at the root of the site, on the same level as the .htaccess file, and paste the generated line into it.
  2. Delete the show-path.php file from the server For security reasons, it’s important to remove the show-path.php file once you have the path information you need.

Visit your site to test if the password works correctly After setting everything up, try accessing the protected area of your site. If prompted for a username and password and you can successfully log in with the credentials you set up, the authentication is working as intended.

This tutorial provides a concise guide to setting up basic authentication with a .htpasswd file on an Apache server. Remember, while .htpasswd provides a layer of security, it should not be solely relied upon for sensitive data protection. Always consider additional security measures.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *