Tag: web security

.htaccess: Password protecting single files on your website

09/21/2015 Aaron Belchamber No Comments

This is very simple.  For any file you want to have its own password protection, create an .htaccess file in the folder the file resides.  Just replace “pagename.html” for the file.  Then, just go to our .htpasswd password generator and create the .htpasswd file in the format:  username:password, where username is the name required to log in and “password” is the encrypted version of the password that shows in the tool in the link above under “Create new .htpasswd password file” and be sure to save your .htpasswd file in the absolute server path to the .htpasswd file.

AuthUserFile /home/user/path/to/.htpasswd
AuthName "name of login prompt"
AuthType Basic
<files “pagename.html”>
require valid-user
</files>

One more note, you don’t need to save the “.htpasswd” file by this name, any name will do.  Learn a lot more about .htaccess by visiting the official Apache website.  I like to put the commonly used snippets and tips on my site so they’re easy to find for me later.

–  Aaron Belchamber
www.AaronBelchamber.com


Password protecting different environments on your website through .htaccess

06/06/2015 Aaron Belchamber No Comments

Apache .htaccess directives are pretty straight forward.  The “SetEnvIf” that passes different values if the conditions are met then are processed by the standard Deny/Allow directive.  Here’s a sample from Apache’s documentation:

#allow a single uri through .htaccess password protection
SetEnvIf Request_URI "/test_uri$" test_uri

 
#allows everything if its on a certain host
SetEnvIf HOST "^test.yoursite.com" test_subdomain_url

SetEnvIf HOST "^yoursite.com" live_url

Order Deny,Allow


AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/your/.htpasswd
AuthGroupFile /

Require valid-user

#Allow valid-user

Deny from all
Allow from env=test_uri
Allow from env=test_subdomain_url
Allow from env=live_url
Satisfy any

This is handy in case you want to control all password protected areas of your site all in one place.  I have even added an admin interface that can add new environments to the web root’s .htaccess file on the fly.  This is a simple way to improve your web security for different sections and works great!