htpasswd Apache 2 authentication with exeption ip.

Posted on by

htpasswd? Hi guys, today I’m just bringing a note about htpasswd hope it will be useful for someone as this knowledge has been for me.

htpasswd is a tool for apache able to secure folders in a web directory, that means that the folder is public, but protected with password. this functionality is very useful for instance to install systems that have no internal security like Sarg the web app to read Squid logs, Munin to read servers performance, also if you want to share a folder with a friend or even when you need to secure your own web applications and you do not want to create your own security module. in the other hand; htpasswd supports several authentication methods with different security level, but I am just going to describe the basics authentication.

Now let’s stop talking and start doing; to create the password file with the first user you are supposed to execute the following command:

# htpasswd -c /home/pwww/.htpasswd-users abel

The -c option is to create the file and abel is the user. /home/pwww, could be any folder in your filesystem.

Note: I am assuming you have all the packages that are required already installed, and your Apache is running with the target folder to share with password.

After you have created one user you can add as many as you want with the following.

# htpasswd /home/pwww/.htpasswd-users raik
# htpasswd /home/pwww/.htpasswd-users shorn

As you might have noticed the command is the same but without the -c option, as this option is only to create the file.

So far the file for the authentication is created and inside we have the users with the passwords; pretty but Apache does not know about them so they are useless. to say to Apache that a file is protected with htpasswd you have find the folder that you want to share with htpasswd and create a file colled .htaccess. this file is the first thing that Apache reads when he receives a request to a folder. So we create the file and inside we add the following code:

AuthType Basic
AuthUserFile /home/pwww/.htpasswd-users
AuthName "Enter password"
Require valid-user
AuthGroupFile /dev/null

This is nice and works perfectly, but what does it means? Well it means we are going to use basics authentication. The user are going to be in /home/pwww/.htpasswd-users, AuthName is just a name so and it will appear in the authentication prompt. Require valid user is to make people use a name and passwords in the database and authGroupFile is optional for in case you have groups, that why here is pointing to /dev/null.

Now let say we want to make every one authenticate using htpasswd except for your own computer, because you do not want to put a password to access your own computer resources. Or that you have a server where the folder is running and you want the server to be able to execute a cron task on any of this URLs.

we you just have to modify a little bit your script adding this at the beginning:

Satisfy any

and this at the end of the script:

order deny,allow
deny from all
allow from 127.0.0.1

So the final file would be like this:

# permit by USER || IP
Satisfy any
AuthType Basic
AuthUserFile /etc/apache2/.htpasswd
AuthName "Enter password"
Require valid-user
AuthGroupFile /dev/null
# IP
order deny,allow
deny from all
allow from 127.0.0.1

And that’s pretty much it… cheers guys.

Leave a Reply

Your email address will not be published. Required fields are marked *