Friday, January 23, 2009

.htaccess Based Authentication On Subdirectories

.htaccess files provide a way to make configuration changes on a per-directory basis. A file containing one or more configuration directives is placed in a particular document directory, and the directives apply to that directory and all of its subdirectories.

Note: the .htaccess file can be given another name with the AccessFileName directive. For example, if you would rather call the file .config, edit your server configuration file:

$ vi /etc/httpd/conf/httpd.conf

In the file, find AccessFileName. It is .htaccess by default, as shown below, so change it to any name you want.

AccessFileName .htaccess

What you can put in these files is determined by the AllowOverride directive. This directive specifies, in categories, what directives will be honored if they are found in a .htaccess file. If a directive is permitted in a .htaccess file, the documentation for that directive will contain an Override section, specifying what value must be in AllowOverride in order for that directive to be permitted.

Here I assume that your DocumentRoot directory is /var/www/html; if you have a VirtualHost configuration, or Apache is configured with some other root directory, adjust this according to your situation.

Note: I took three dummy directories: test-dir1, test-dir2 and nsit.

1 Creating Directory:

$ cd /var/www/html

$ mkdir test-dir1

$ mkdir test-dir2

$ mkdir nsit



2 Test HTML File Creation:

Creating html file in first directory.

$ cd /var/www/html/test-dir1

$ cat > index.htm


I am unable to write the source code here as it is not accepted, so just make a test page with a single line "Test Page".

Creating html file in second directory.

$ cd /var/www/html/test-dir2

$ cat > index.htm


I am unable to write the source code here as it is not accepted, so just make a test page with a single line "Test Page".

Creating html file in third directory.

$ cd /var/www/html/nsit

$ cat > index.htm


I am unable to write the source code here as it is not accepted, so just make a test page with a single line "Test Page".


3 Browsing Test Pages:

Now you can check whether the pages are available by opening any web browser and accessing them either through localhost or through the IP address. I will do both. To access the pages through the IP address we have to make a small change in the httpd.conf file; this is the line we include in the file:

ServerAdmin root@10.110.1.9


http://localhost/test-dir1/


This will display the first directory test page, and

http://localhost/test-dir2/

will display the second test page in test-dir2.

http://localhost/nsit/

will display the third test page in nsit.

OR

http://10.110.1.9/nsit

it should display the nsit page.

http://10.110.1.9/test-dir1

it should display the test-dir1 page.

http://10.110.1.9/test-dir2

it should display the test-dir2 page.

If you are able to see all three pages, it means that we are almost done with the work.


4 .htaccess File Creation:

$ cd /var/www/html/test-dir1

$ vi .htaccess


Write the following lines into this file:

AuthName "Authorized Users Only."

AuthType Basic

AuthUserFile /etc/httpd/conf/.htpasswd

require user sohail


Now I will explain what magic lines we have written in this file:

The AuthName parameter just defines the title of the password entry box when the user logs in, while AuthType tells the server what sort of processing is in use; Basic is the most common and perfectly adequate for almost any purpose. Basic sends the username and password base64-encoded, not encrypted, with every request, so serve protected directories over HTTPS. AuthUserFile defines the location of the .htpasswd file, which contains the passwords of the users who are going to be authenticated by the .htaccess file. require user identifies the trusted user; if there is more than one trusted user, you can specify their names in a space-separated list.

To protect test-dir2 and nsit with .htaccess as well, copy the file from test-dir1 into them with the following commands:

$ cp /var/www/html/test-dir1/.htaccess /var/www/html/test-dir2/

$ cp /var/www/html/test-dir1/.htaccess /var/www/html/nsit/


5 User Creation:

Here we will create a test user to check our .htaccess

$ adduser sohail

$ passwd sohail



6 Telling Apache About Users:

Now we have to inform Apache about the user and its password. Before going into this step, I have a social duty to explain the difference between an RPM and a source installation of Apache. :) If you have installed Apache from RPM, all related commands are installed in your /usr/local/bin, so you can run the htpasswd command from anywhere in your system. If you have installed Apache from source, you have to find the Apache bin directory to execute the htpasswd command. In this HowTo I will give both ways:

$ htpasswd -c /etc/httpd/conf/.htpasswd sohail

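The above command will work if you have htpasswd in your /usr/local/bin, which is the case if you installed Apache from RPM. /etc/httpd/conf/.htpasswd is the location of the file that will contain the password of the authenticated/trusted user. The -c option creates the file, overwriting any existing one, so leave it out when adding more users later.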

OR

$ cd /apache/bin/

$ ./htpasswd -c /etc/httpd/conf/.htpasswd sohail


The above commands are correct if you have installed Apache from source. The path in $ cd /apache/bin can be adjusted according to your system, as you may have installed it somewhere else.


7 .htpasswd File Permission:

We need to set the file permission of the .htpasswd file and make the apache user the owner of this file.

$ chown apache:apache /etc/httpd/conf/.htpasswd



8 Editing httpd.conf:

Now we have to edit httpd.conf, as Apache needs to be informed about .htaccess. Here we will change AllowOverride from All or None to AuthConfig. There are two cases: one if you are hosting just one site, and the other if you are using VirtualHost. Here is the first case:

In this case we have only one Directory tag in the httpd.conf file, as we are hosting just one site, so we will edit the tag for /var/www/html.

<Directory "/var/www/html">
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
</Directory>


Now for the second case, when we have several sites hosted, i.e. VirtualHost:

<VirtualHost www.cbtcandy.org>
    DocumentRoot /var/www/html/cbtcandy
    ServerName www.google.com
    <Directory /var/www/html/google>
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
        Options -Indexes
    </Directory>
</VirtualHost>

9 Restarting Apache:

Now you have to restart the Apache server to reload the configuration.

For RPM based system:

$ service httpd restart

For source based system, adjust your Apache's bin directory path.

$ /apache/bin/apachectl restart


10 Testing:

Now everything is ready to be tested, again open your favourite browser and try to open the following links:

http://localhost/test-dir1/

and

http://localhost/test-dir2/

and

http://localhost/nsit

OR

http://10.110.1.9/test-dir1

and

http://10.110.1.9/test-dir2

and

http://10.110.1.9/nsit

Note: When you browse these links you will be asked for the username and password; once you provide them you will be taken to the test page. But once you log in to one directory, you will not be asked for the username and password for the other test directories, as Apache will not ask for the username and password again and again for directories equal in level or subdirectories. So once you are authenticated, the child and parallel directories are open to use. If you still want to check them, use the links text-based browser; that is what I do for checking them.
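
An offline audit of the layout built in the steps above, as an added example that is not part of the original post: it flags a directory with no .htaccess, a missing directive, a password file under DocumentRoot or readable by everyone, and a require user name with no entry in the password file. The function names are hypothetical, and the sample tree and password-file entry are constructed.

```shell
# Added example, not from the original post. Function names are hypothetical;
# the sample tree and the password-file entry are constructed.

# Print the arguments of the first matching directive (names are case-insensitive).
directive() {  # $1 = .htaccess file, $2 = directive name
    awk -v d="$2" 'tolower($1) == tolower(d) { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Audit one directory: prints a FAIL line per finding, returns 0 when clean.
audit_dir() {  # $1 = DocumentRoot, $2 = directory that should ask for a login
    docroot=$1; dir=$2; ht=$2/.htaccess; rc=0
    [ -f "$ht" ] || { echo "FAIL $dir: no .htaccess, served without a login"; return 1; }
    for key in AuthType AuthName AuthUserFile Require; do
        [ -n "$(directive "$ht" "$key")" ] || { echo "FAIL $dir: $key missing"; rc=1; }
    done
    pw=$(directive "$ht" AuthUserFile | tr -d '"')
    [ -f "$pw" ] || { echo "FAIL $dir: password file '$pw' not found"; return 1; }
    # A password file under DocumentRoot may be fetched over HTTP.
    case $pw in "$docroot"/*) echo "FAIL $dir: $pw is under DocumentRoot"; rc=1 ;; esac
    # World-readable hashes can be copied by any local account.
    [ -z "$(find "$pw" -perm -0004)" ] || { echo "FAIL $dir: $pw is world-readable"; rc=1; }
    # Every name after "require user" needs an entry in the password file.
    set -- $(directive "$ht" Require)
    if [ "$1" = user ]; then
        shift
        for u in "$@"; do
            awk -F: -v u="$u" '$1 == u { ok = 1 } END { exit !ok }' "$pw" ||
                { echo "FAIL $dir: user $u has no entry in $pw"; rc=1; }
        done
    fi
    [ "$rc" -ne 0 ] || echo "OK   $dir"
    return "$rc"
}

# Constructed tree: test-dir1 is correct, test-dir2 names an unknown user, nsit has no .htaccess.
make_sample() {
    t=$(mktemp -d) && mkdir -p "$t/conf" "$t/html/test-dir1" "$t/html/test-dir2" "$t/html/nsit"
    printf '%s\n' 'sohail:$apr1$constructed$notARealHash' > "$t/conf/.htpasswd"
    chmod 640 "$t/conf/.htpasswd"
    for pair in test-dir1:sohail test-dir2:testusr; do
        printf 'AuthName "Authorized Users Only."\nAuthType Basic\nAuthUserFile %s\nrequire user %s\n' \
            "$t/conf/.htpasswd" "${pair#*:}" > "$t/html/${pair%%:*}/.htaccess"
    done
    echo "$t"
}

root=$(make_sample)
for name in test-dir1 test-dir2 nsit; do audit_dir "$root/html" "$root/html/$name" || true; done
rm -rf "$root"
```

On a real server, call audit_dir with /var/www/html and each protected directory; it only reads files and changes nothing.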
