[KLUG Members] Apache authentication
Michael Lueck
mlueck at lueckdatasystems.com
Sat May 21 16:34:08 EDT 2005
For simple requirements, the .htaccess file works nicely. I use it to lock down
access to co-lo ISP usage logs on each client domain. Apache looks for the
necessary files to exist in the directory and, at least the way I have
configured it, locks down the entire subtree on the server.
Here is a sample file...
===========================================
<Files .htaccess>
order allow,deny
deny from all
</Files>
Options -Indexes
AuthUserFile /home/thedomainname/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
require user theuserid
===========================================
And then you create the .htpasswd file with the utility provided on the server.
I placed it in a non web accessable directory for added security.
The first bit in the file above prevents the file itself from being downloaded.
About as tight as this basic security is able to get - in my opinion good
enough for web server usage logs.
Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/
More information about the Members
mailing list