Protecting Folders using Passwords with WampDeveloper
How-to generate an .htpasswd file with the proper usernames and passwords in it by using Apache's 'htpasswd.exe' application.
Example to Restrict Access to the /stats URL
To protect URL http://www.example.com/stats to only allow access to user 'john' (and a password)...
1. Run 'cmd.exe' to open the command line (or click WampDeveloper's System Tab, 'Command Line' button), enter the following commands...
C: cd \WampDeveloper\Websites\www.example.com mkdir htpasswd cd htpasswd mkdir stats cd stats htpasswd -c .htpasswd john
These lines will:
- Change the working directory to drive C: and path \WampDeveloper\Websites\www.example.com (you'll need to use your own installation path if WampDeveloper was not installed to C:\WampDeveloper).
- Create sub-directory htpasswd\stats\, which will hold the .htpasswd file.
- Use htpasswd.exe to create the .htpasswd file with an initial user 'john' (and the asked password).
Note that htpasswd's -c switch creates the '.htpasswd' file, if this file already exists and you use the -c switch, the file will be overwritten. To add a second user do not use the -c switch.
2. Edit the website's VirtualHost configuration file (Websites Tab, select website, 'Configurations' button) to enable the .htpasswd functionality for a specific URL location.
Inside the <VirtualHost ...> block, add:
<Location /stats> AuthName "Stats Access" AuthType Basic AuthUserFile "C:/WampDeveloper/Websites/www.example.com/htpasswd/stats/.htpasswd" Require valid-user </Location>
Note the specific URL and .htpasswd file paths. Replace with your own values.
Another option (instead of editing the VirtualHost configuration as above) is to use an .htaccess file, residing in the directory/folder you wish to protect.
AuthName "Stats Access" AuthType Basic AuthUserFile "C:/WampDeveloper/Websites/www.example.com/htpasswd/stats/.htpasswd" Require valid-user
This option will only work for true URLs ... urls that correspond 1-to-1 with a website's DocumentRoot sub-directory. The previous example was for WampDeveloper's URL '/stats', which is not a directory, but is rather a URL "alias" to another directory (WampDeveloper provides a global /stats URL for every website, that maps-out to a single copy of AWStats log analyzer) and hence must use a "Location" container (which cannot be used / does not make sense in an directory specific .htaccess file).
3. Restart Apache.
For a user to log out after authentication, all browser windows have to be closed. Closing only the specific browser tab will not log the user out.