[KLUG Members] Apache authentication

Michael Lueck mlueck at lueckdatasystems.com
Sat May 21 16:34:08 EDT 2005

Previous message: [KLUG Members] Apache authentication
Next message: [KLUG Members] Apache authentication
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For simple requirements, the .htaccess file works nicely. I use it to lock down
access to co-lo ISP usage logs on each client domain. Apache looks for the
necessary files to exist in the directory and, at least the way I have
configured it, locks down the entire subtree on the server.

Here is a sample file...

===========================================
<Files .htaccess>
order allow,deny
deny from all
</Files>

Options -Indexes

AuthUserFile /home/thedomainname/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic

require user theuserid
===========================================

And then you create the .htpasswd file with the utility provided on the server.
I placed it in a non web accessable directory for added security.

The first bit in the file above prevents the file itself from being downloaded.

About as tight as this basic security is able to get - in my opinion good
enough for web server usage logs.

Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/

Previous message: [KLUG Members] Apache authentication
Next message: [KLUG Members] Apache authentication
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Members mailing list