Implement User/Password-protected Directories
- Make sure that directory C:\www\Apache2\bin is specified under the System Path variable (if you installed our Web-Server Suite package, this is set). We will use a program named htpasswd.exe, that is contained under the mentioned directory, to create a password file for the specified users.
Create the protected Directory
This section will show you how to create directory "private" outside the Web-Server's webroot directory "C:\www\webroot" using the command prompt.
Open the Windows command-shell via Start » Run... cmd.exe <click ok>
Change to the drive letter of your Web-Server Suite's root directory (this is the drive you installed the Web-Server Suite under; for this example we will use drive "C:")......> C:
Change to the path of your Web-Server Suite's root directory (for this example we will use path "\www")...C:\...> cd \www
Create the directory you want to restrict access to with a user/password prompt (we will create directory named "private")...C:\www> mkdir private
Change to your newly created directory...C:\www> cd private
Create user/password file
Continuing from the previous section, we are now ready to use htpasswd.exe to create a file named ".htpasswd": this file will contain user names with their respective passwords (the passwords will be encrypted before placed under the file).
This 1st line (with switch "-c" -- that will not be repeated in the following lines) will create a file named .htpasswd under the current directory (C:\www\private). The password given will be encrypted by the htpasswd.exe program (due to the "-m" switch -- MD5 encryption).
User named "user1" with password "passuser1" is specified 1st...C:\www\private> htpasswd -cmb .htpasswd user1 passuser1
Add user named "user2" with password "passuser2" to the .htpasswd file...C:\www\private> htpasswd -mb .htpasswd user2 passuser2
Add user named "user3" with password "passuser3" to the .htpasswd file...C:\www\private> htpasswd -mb .htpasswd user3 passuser3
Configuration -- httpd.conf
We can now edit Apache's httpd.conf file to bring everything together.
Edit file C:\www\Apache2\conf\httpd.conf
Make sure that the following two 'LoadModule' lines are uncommented, by removing the beginning "#" character...
(These 'LoadModule' lines should already be uncommented, by default)
LoadModule alias_module modules/mod_alias.so
Uncomment the following two 'LoadModule' lines, by removing the beginning "#" character...
(The 1st line is required for directive 'AuthUserFile')
(The 2nd line is required for directive 'Options Indexes': to display the index of a directory)
LoadModule autoindex_module modules/mod_autoindex.so
<Files ~ "^\.ht"> Order allow,deny Deny from all </Files> Alias /private "/www/private" <Directory "/www/private"> Order allow,deny Allow from all Options Indexes AuthType Basic AuthName "Private Access" AuthUserFile "/www/private/.htpasswd" Require valid-user </Directory>
Save file and Restart Apache...
(from the command prompt type the following)
> net start Apache2
Test protected Directory
Enter one of the user/password combinations...
You should now see either the directory structure, or (if you have an index.html\php file under the accessed directory) your index file.
To [truly] logout as the user, you must close the browser window.
Advanced Configurations and Features
You can also grant/restrict access to the user/password protected directory with IP addresses...
Replace the original "<Directory "/www/private">" block with this updated version...
(or simply replace the first two lines of the original block)
<Directory "/www/private"> Order deny,allow Deny from All Options Indexes AuthType Basic AuthName "Private Access" AuthUserFile "/www/private/.htpasswd" Require valid-user </Directory>
Below the line...
..add the following code...
Allow from 127.0.0.1 Satisfy Any
...if you access the protected area from your local system (IP address -- 127.0.0.1), there will be no need to enter a user/password combination.
(Note that you can add multiple "Allow from ip-address" statements to grant access)
...by using the following code instead...
Allow from 127.0.0.1 Satisfy All
...you will have to access the protected area from your local system (IP address -- 127.0.0.1) AND will need to enter a valid user/password combination.