Apache password protection with .htacces & .htpasswd files

Aquí os dejo otro apunte que he hecho hoy jugando con los permisos de acceso de apache a través de los archivos '.htaccess' y '.htpasswd', abajo del todo he puesto un ejemplo de como se podría utilizar para esconder ciertos archivos a un usuario u otro:


For the password protection with '.htaccess' & '.htpasswd' files:

Create a file named '.htaccess' , inside you can put:

AuthUserFile /home/frurf/.htpasswd      # Path to the passwords.
AuthGroupFile /dev/null
AuthName "what you want"                  # Message to the requester.
AuthType Basic
# That is optional, you can put 'require valid-user' without the '<Limit>' labels.
<Limit GET>
require valid-user
</Limit>
#### That is for protecting only files not directories.
##<Files "file.html">
## AuthUserFile /home/frurf/.htpasswd  # Path to the passwords.
## AuthGroupFile /dev/null
## AuthName "what you want"              # Message to the requester.
## AuthType Basic
## Require valid-user
##</Files>
####

Then you have to create the '.htpasswd' file, to do that you have to type:

htpasswd -c .htpasswd user
# Where '-c' is for create the file, '.htpasswd' is the filename and 'user' is the username.
# If you want to add users to the file you don't have to type the '-c' option.

And inside the '/etc/httpd/conf/httpd.conf' file change the line:

<Directory "/home/frurf/web">
...
AllowOverride None  --->  AllowOverride All
...
</Directory>

to allow acessing the '.htaccess' information, if you don't do that the file will be ignored.

You also can play with the names of the '.htpasswd' file and with the user permissions of the files, here is an example I've made:

AuthUserFile /home/frurf/.htpasswd2      # I've changed the '.htpasswd' file name.
AuthGroupFile /dev/null
AuthName "frurf/frurf | antart/antart"
AuthType Basic
<Limit GET>
require user frurf antart                            # Access allowed to both users.
</Limit>
# Files to view the frurf user:
<Files "if_frurf">
require user frurf
</Files>
# Files to view if enters the antart user:
<Files "if_antart">
require user antart
</Files>

The folder contains 2 archives(if_frurf , if_antart) but, with that configuration, depending on the user who log in it will appear one or the other file.

One tip, if you type a password in your browser it will remember that password till you exit or delete the cache.

El último ejemplo podeis probarlo tambien en mi servidor, en la pestaña 'private', la cual lleva a la carpeta con ese archivo '.htaccess' correctamente configurado.