Friday, September 2, 2011

Restrict Access With Apache

In this document I hereby explain how to restrict access to a specified Directory in Apache.

My infrastructure is
Apache 2.2.6

For this example let’s say I want to protect a directory called private. Although your files may be in other locations, my files are located here:

Directory to protect: /var/www/htdocs/private
httpd.conf: /etc/apache/conf/httpd.conf

The very first thing to do is create an .htaccess file with following details right in the Directory
[root@server ] touch /var/www/htdocs/private/.htaccess
[root@server ] vi /var/www/htdocs/private/.htaccess

AuthType Basic
AuthUserFile /var/www/conf/.htpasswd
AuthName RestrictedArea
require valid-user
satisfy any

Here the .htpasswd file is storing the user name and password of authenticated users. You can specify this file any where in the directory.
Change its ownership and permissions

[root@server ]chown apache.apache /var/www/conf/.htpasswd
[root@server ]chmod 644 /var/www/conf/.htpasswd

Next lets add this following content in the httpd.conf file. Put the following content in the Directory Tag

[root@server]vi /etc/httpd/conf/httpd.conf

deny from all
Options ExecCGI
AllowOverride AuthConfig
Order deny,allow

Save and Exit

Now Lets add some users in the .htpasswd files

[root@server]htpasswd –bc /var/www/conf/.htpasswd admin passwd

OK,Now lets restart the Apache

[root@server]apachectl -k graceful

Check the Web server ports are listening.

[root@server]netstat -ntlp

If the 80 port is listening go to your favourite web browser and type the address. It will ask for user name and password to check in.Other wise you will get an internal server error. You may miss something. Check with your server logs.