Thursday, January 20, 2011

How does "password protection" work in Apache?

I have a website (http://mywebsite.com) for a client, and I would like to create some subdomains like (http://trac.mywebsite.com). I would like to create a password protection for this subdomain, that would be called only the first time someone enters http://trac.mywebsite.com: for example, if (http://trac.mywebsite.com/source) is entered, no password is asked.

I know Apache is capable of handling users and passwords, but could it be a solution to this feature I'm looking for?

Thanks in advance!

  • For Apache 1.3:

    http://httpd.apache.org/docs/1.3/howto/auth.html

    For Apache 2.0:

    http://httpd.apache.org/docs/2.0/howto/auth.html

    Somebody still uses you MS-DOS : Your second link is broken... Add a "/" after "2.0". Thanks for them though.
    From Warner
  • Warner's links are exactly what you need. Though they should be your comprehensive reference, they might be a little dry for an introduction to the concept of mod_auth_*. Try googling for "apache htpasswd" or something similar. Here is a decent tutorial to get you started:

    http://www.cyberciti.biz/faq/howto-setup-apache-password-protect-directory-with-htaccess-file/

    Note: Works the same for subdomains as it does for subdirectories.

    Somebody still uses you MS-DOS : Thanks for the info. Does a password prompt appear every time I hit a subdomain I "protected" with a password? Is it possible to configure this?
    fission : Generally it will be the first time hitting that particular "realm", or protected area, in a session. After that, the browser will reuse the existing credentials without prompting the user for them each time.
  • One caution in using the http:// access method and Apache Basic Authentication is that the passwords are sent without encryption. Thus if you are using a shared network, this information could be captured.

    If you are a little more cautious, you could use https:// where the communication (including the password exchange) would be encrypted between the user and the server.

    Somebody still uses you MS-DOS : Thanks for the info. We are already using https.
    From mdpc
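
The behaviour described in the answers above (one prompt per realm, after which the browser resends credentials that are only base64-encoded, not encrypted), as an added Python example that is not part of the original thread. The realm name, the user store and the `server`/`Browser` names are constructed for illustration, and the model covers a single realm on one host.

```python
import base64, hashlib, hmac

REALM = "trac"                      # assumed realm name (Apache's AuthName)
SALT = b"constructed-salt"          # constructed value
def _kdf(pw): return hashlib.pbkdf2_hmac("sha256", pw.encode(), SALT, 100_000)
USERS = {"alice": _kdf("s3cret")}   # constructed user store, stand-in for an htpasswd file

def parse_basic(header):
    """Decode 'Basic <base64(user:password)>'; None if absent or malformed."""
    scheme, _, blob = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        text = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError:              # bad base64 or bad UTF-8
        return None
    user, sep, password = text.partition(":")
    return (user, password) if sep else None

def server(headers):
    """Server side: 200 for valid credentials, otherwise a 401 challenge."""
    creds = parse_basic(headers.get("Authorization"))
    if creds and hmac.compare_digest(USERS.get(creds[0], b""), _kdf(creds[1])):
        return 200, {}
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}

class Browser:
    """Client side: prompt once for the realm, then resend the cached header."""
    def __init__(self, ask):
        self.ask, self.cached, self.prompts, self.sent = ask, None, 0, []

    def get(self, path):
        headers = {"Authorization": self.cached} if self.cached else {}
        status, reply = server(headers)
        if status == 401 and "WWW-Authenticate" in reply:
            self.prompts += 1       # this is the password dialog the user sees
            user, password = self.ask()
            token = base64.b64encode(f"{user}:{password}".encode()).decode()
            self.cached = f"Basic {token}"
            headers = {"Authorization": self.cached}
            status, _ = server(headers)
        self.sent.append((path, headers.get("Authorization")))
        return status               # every later request carries the same header
```

`Browser.sent` records the header that went out with each request; `parse_basic` recovers the user name and password from any of them, which is why the header needs TLS underneath it.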
