best way to protect ALL directories in Apache

Tea_J

HI guys

I have a simple Apache/PHP/MySQL running on a windows machine..

i would like to authenticate ALL incoming connections to the apache server, something like an .htaccess file but not only for one directories but for all directories.

But i also want local connections (me) to not have to login..

umm.. i think the solution is not php but somehow with apache's configuration or something..

thanks

drew010

if you put the htaccess file requiring authentication in your root directory it will protect every directory under it, as with all directives in a root directory apply to the directories inside it. as for local connections not having to login im not sure on that.

Tea_J

i see.. yah. wus thinking about that too.. but.. would it work with VIRTUAL directories?

i've set virtual directories on my config file.

eg
c:/apache/htdocs/ (base directory)
d:/projects/ (virtual directory)

mtmosier

Adding this to your httpd.conf will make everyone log in except those coming from 127.0.0.1 (locahost). Watch out for sections which say "Allow from all" though, as that may override this.

<Directory />
    Satisfy any

Order deny,allow
Deny from all
Allow from 127.0.0.1

AuthUserFile /path/to/htpassword
AuthName "Members Only"
AuthType Basic
Require valid-user
</Directory>

edit - This will protect vhosts as well, as long as they're under "/". I'm not sure how the directory is specified in windows.

Tea_J

forgive me but im new to apache management...

Where do I put the username and password combination?

thank u!

mtmosier

Generally you use a program which comes with apache called htpasswd. It should be in your apache\bin directory.

htpasswd -c filename username

Use "-c" to create a new file, or leave it out to add to / modify an existing file.

Tea_J

thanks got it!

phpprogrammer

Hi mtmosier,

could you give me the structure of the htpasswd file

regards,
bvsureshbabu

mtmosier

Sure. It's just one user per line, as username colon hashed password. So looks something like this.

test:LY2YIZxY0qMcA
mtmosier:UkgxBseLp9E5U

The man page describes the password hashing.

htpasswd encrypts passwords using either a version of MD5 modified for Apache, or the system's crypt() routine. Files managed by htpasswd may contain both types of passwords; some user records may have MD5-encrypted passwords while others in the same file may have passwords encrypted with crypt().