Reputation: 1135
Password Protect My Website
I have recently created a new Amazon EC2 instance using Amazon Linux AMI. What is the best way to force a user accessing the domain to enter a username/password before allowing access to the site?
I am currently using apache http server, and saw some resources indicating I need to use a .htaccess file, but was looking for a more concise explanation.
Upvotes: 14
Views: 23956
Answers (4)
Reputation: 1
gnerate encrypted password and add to .htpasswd file
$ htpasswd -nbm username Password
.htaccess file entry
AuthType Basic
AuthName "My Protected Area"
AuthUserFile /absolute/path/to/password/file
Require valid-user
For more details go through this blog post - iCodefy
Upvotes: 0
Reputation: 6084
Password Protecting Site via Htaccess
Create a .htaccess file with the following in the to-be-protected folder:
AuthType Basic AuthName "Password Protected Area" AuthUserFile /var/www/admin/.htpasswd Require valid-userCreate a
.htpasswdfile in the same or preferably a folder that is outside/var/www.For demonstration, I used a dummy path above. The .htpasswd file should contain your password salt use this generator to create your
.htpasswdfile.Assuming you are using ubuntu, you have to enable htaccess override via this file:
/etc/apache2/sites-available/defaultChange the "AllowOverride None" to "AllowOverride All" in:
<Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory>
note: you may need to edit in ssh via command line: sudo nano /etc/apache2/sites-available/default
sudo /etc/init.d/apache2 reload
Upvotes: 29
Reputation: 533
You need to generate a password username+password string for authentication and write it to a file.
- You can use HTTP password generator tool to do this.
- Copy paste the string you obtained to a new file (.htpasswd) anywhere outside your Webroot (better to keep anywhere inside home directory of the user).
- Add following lines in your .htaccess file.
AuthType Basic AuthName "Require Authentication" AuthUserFile [PATH_TO_FILE]/.htpasswd Require valid-user
If the password is not triggering, check the permission of .htaccess file.
If authetication fails, check the existance of .htpasswd file in the specified location. (Make sure your user account has enough privileges on .htpasswd file to read)
You do not need to restart server to achieve this.
Hope this helps.
Upvotes: 1
Reputation: 71384
If all you are looking for is server-level access control (i.e. no modifications to your application), you can utilize basic authentication. This is implemented at the Apache web-server level and can be controlled on a directory-by-directory basis if desired using .htaccess files.
Here is a link to the Apache documentation
http://httpd.apache.org/docs/2.2/howto/auth.html
Here is a simple example of how to implement
http://doc.norang.ca/apache-basic-auth.html
Upvotes: 5
Related Questions
- Password protect directory in AWS EC2 running Apache/Linux
- How to secure EC2 server with just MySQL on it?
- AWS - Create passwords for .passwd and .htaccess
- Apache: how to make directories 'secure'
- Securing a web server with local MySQL database
- Securing an EC2 Instance which Hosts a Static Public Website
- basic php password protect
- Password protect directory in Apache
- How to password protect wordpress site?
- Password protect a simple web site