Passwords with .htaccess

I wanted a page of my site to be password protected. Using something called .htaccess with apache, you can control who has access to your site. Remember, this is not a high-security solution, but something to keep regular folks out of certain sections of your site. I learned most of this from Justin Miller’s website, but his is not OS X specific. However, it is more detailed than mine. I suggest you check it out.

Overview: you are enabling a feature of apache that lets you put configuration files (called .htaccess files) throughout your web site. If you put a .htaccess file in a folder, the configuration options (including access limits) you set within it will affect everything in that folder and in the folders below it. Keep in mind that .htaccess overrides your global httpd.conf file, but only where allowed by that same httpd.conf file.

Also keep in mind that I am no expert at this. The setup I am about to describe may give too much power to each of your users. I set it up this way because I trust all of the users of my machine, but if you are configuring for less trustworthy users I suggest you do a little more research. OK, here we go.

  1. Figure out how to open text files as root.
  2. Navigate to or find /private/etc/httpd/
  3. From that directory, make a backup copy of “httpd.conf” and put it somewhere safe.
  4. Open “httpd.conf” as root.
  5. Look around! This is an interesting file that controls how your apache installation works. You can learn a lot just by looking.
  6. Search for this line: Directory "/Library/WebServer/Documents"
  7. Now look a few lines down. Change Options Indexes FollowSymLinks MultiViews to Options All MultiViews
  8. Below that change AllowOverride None to AllowOverride All
  9. Save the config file. Now do this: cd /private/etc/httpd/users/ and then type ls. You should see files called “user.conf” with your name substituted for “user”. Open the appropriate .conf file as you learned before.
  10. Change Options Indexes FollowSymLinks MultiViews to Options All MultiViews
  11. Below that change AllowOverride None to AllowOverride All. Now save the file.
  12. Restart apache by using the sharing control panel, in System Preferences.
  13. OK! Apache is configured. Now you need to make an encrypted password file.
    • Navigate in the terminal to the directory where you want your password file to reside. Important!: You must put this file outside the web page directory tree, that is, somewhere other than your Sites directory. Otherwise bad people can just look at this file!
    • In the terminal, type htpasswd -c .htpasswd yourname which will prompt you for the password. This will create a file called .htpasswd in the directory that you are currently in. If you want to update the file, perhaps adding new usernames, just do the same thing, omitting the -c (create) flag.
  14. Now you need to create a .htaccess file:
    • Make a new text file called .htaccess.
    • Put in this text, replacing the appropriate parts. “yourpath/.htpasswd” will of course just be the path to the file you created in the last step.
      AuthUserFile /yourpath/.htpasswd
      AuthName 'your sitename (or whatever)'
      AuthType Basic
      require user yourname yourname2 yourname3

    • Save in the directory that you wish these restrictions to apply to.
  15. You can create additional .htaccess files in any part of your web directory tree. Each will apply to all files and directories under it unless another .htaccess file is there.
  16. Done! Go crazy.
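
The rule in step 13, that the password file must sit outside the web page directory tree, can be checked mechanically once the .htaccess files are in place. The script below is an added example, not part of the original instructions; the function names and the throwaway demo directories are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): confirm the password file a
# .htaccess points to sits outside the web directory tree.

# Physical path of a directory, symlinks resolved; fails if it does not exist.
resolve_dir() { (cd "$1" 2>/dev/null && pwd -P); }

# Print the AuthUserFile value of a .htaccess file, without surrounding quotes.
auth_user_file() {
    awk 'tolower($1) == "authuserfile" {
             $1 = ""; sub(/^[ \t]+/, ""); gsub(/^"|"$/, ""); p = $0
         }
         END { if (p != "") print p }' "$1"
}

# check_htaccess HTACCESS WEBROOT
# Returns 0 if the password file is outside WEBROOT, 1 if it is inside
# (downloadable by visitors), 2 if the check cannot be made.
check_htaccess() {
    pwfile=$(auth_user_file "$1")
    [ -n "$pwfile" ] || { echo "no AuthUserFile in $1"; return 2; }
    case $pwfile in
        /*) ;;
        *)  echo "relative path '$pwfile' (Apache resolves it against ServerRoot)"
            return 2 ;;
    esac
    root=$(resolve_dir "$2") || { echo "no such web root: $2"; return 2; }
    pwdir=$(resolve_dir "$(dirname "$pwfile")") ||
        { echo "directory of $pwfile does not exist"; return 2; }
    case "$pwdir/" in
        "$root"/*) echo "EXPOSED: $pwfile is inside $root"; return 1 ;;
    esac
    echo "ok: $pwfile is outside $root"
}

# Constructed demo: a throwaway Sites tree with one good and one bad setup.
demo=$(mktemp -d)
mkdir -p "$demo/Sites/members" "$demo/Sites/photos" "$demo/private"
printf 'AuthUserFile %s\nAuthName "members"\nAuthType Basic\nrequire user yourname\n' \
    "$demo/private/.htpasswd" > "$demo/Sites/members/.htaccess"
printf 'AuthUserFile "%s"\nAuthType Basic\nrequire user yourname\n' \
    "$demo/Sites/photos/.htpasswd" > "$demo/Sites/photos/.htaccess"
check_htaccess "$demo/Sites/members/.htaccess" "$demo/Sites" || true
check_htaccess "$demo/Sites/photos/.htaccess" "$demo/Sites" || true
rm -rf "$demo"
```

On a real machine, call check_htaccess with the path to your own .htaccess file and your Sites directory as the two arguments.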
