Use Apache HTACCESS to protect passwords
Use Apache HTACCESS to protect passwords
In staging mode, if you want to make the specified directory on the website open to some people, you can use the password protection method for the website-using the htpasswd file.
The password file is used to store valid user names and password information for accessing the website/directory. Basically, Apache provides a program to create a password file, that is, the htpasswd program. In the bin directory after Apache installation, for example, after installing Apache in Windows, here:
- D:/Apache/bin/htpasswd.exe
The following describes how to create an htpasswd file.
Step 1: Create a. htpasswd File
First, you need to create a file named. htpasswd, which is used to store the user name and encrypted password.
For example, if the username is admin and the password is 123456, the content in the. htpasswd file may be like this:
- admin:9dKtKHPyz51Vs
Here, the user name is followed by the password, and the password is the encrypted ciphertext. Now you can upload the. htpasswd file to the root directory.
There is a website that generates the. htpasswd file online: http://www.htaccesstools.com/htpasswd-generator/
Step 2: Create a. htaccess File
Create a new. htaccess file and write the following content:
- AuthName "Restricted Area"
- AuthType Basic
- AuthUserFile /home/site/.htpasswd
- AuthGroupFile /dev/null
- require valid-user
Next, upload the. htaccess file and test whether the file can be accessed.
AuthName: the name of the pre-accessed region.
AuthType: indicates the authentication method used by HTTP. Basic indicates Basic HTTP authentication.
AuthUserFile: The. htpasswd file pointing to the root path of the server.
Require: only valid users in the file list can access the AuthName region.