FREE THOUGHT · FREE SOFTWARE · FREE WORLD

Home  »  Htaccess  »  Apache Authentication in htaccess

by 15 comments

How to password-protect, Allow or Deny a visitor based on a condition. If you are having trouble getting htaccess-based password protection to work see: Troubleshooting htaccess Authentication: Getting it to work

Generate Your authentication htpasswd files with my free Online Password Generator!

Require password for 1 file only


Order deny,allow
Deny from all
AuthName "htaccess password prompt"
AuthType Basic
AuthUserFile /web/askapache.com/.htpasswd
Require valid-user

Protect multiple files:


Order deny,allow
Deny from all
AuthName "htaccess password prompt"
AuthUserFile /.htpasswd
AuthType basic
Require valid-user

Using the Apache Allow Directive in htaccess

Allow network/netmask pair

Order deny,allow
Deny from all
Allow from 10.1.0.0/255.255.0.0

Allow IP address

Order deny,allow
Deny from all
Allow from 10.1.2.3

Allow More than 1 IP address

Order deny,allow
Deny from all
Allow from 192.168.1.104 192.168.1.205

Allow Partial IP addresses, first 1 to 3 bytes of IP, for subnet restriction

Order deny,allow
Deny from all
Allow from 10.1
Allow from 10 172.20 192.168.2

Allow network/nnn CIDR specification

Order deny,allow
Deny from all
Allow from 10.1.0.0/16

Allow IPv6 addresses and subnets

Order deny,allow
Deny from all
Allow from 2001:db8::a00:20ff:fea7:ccea
Allow from 2001:db8::a00:20ff:fea7:ccea/10

Deny subdomains

Order Allow,Deny
Allow from apache.org
Deny from wireshark.apache.org

Allow from IP without password prompt, and also allow from any address with password prompt

Order deny,allow
Deny from all
AuthName "htaccess password prompt"
AuthUserFile /web/askapache.com/.htpasswd
AuthType Basic
Require valid-user
Allow from 172.17.10.1
Satisfy Any

Skeleton .htaccess file

I use this when I start a new site, and uncomment or delete parts of the file depending on the sites needs

Ultimate htaccess file sample

#
#            DEFAULT SETTINGS
#
Options +ExecCGI -Indexes
DirectoryIndex index.php index.html index.htm

ErrorDocument 400 /cgi-bin/error.php
ErrorDocument 401 /cgi-bin/error.php
ErrorDocument 403 /cgi-bin/forbidden.cgi
ErrorDocument 404 /404.html
ErrorDocument 405 /cgi-bin/error.php
ErrorDocument 406 /cgi-bin/error.php
ErrorDocument 409 /cgi-bin/error.php
ErrorDocument 413 /cgi-bin/error.php
ErrorDocument 414 /cgi-bin/error.php
ErrorDocument 500 /cgi-bin/error.php
ErrorDocument 501 /cgi-bin/error.php


### DEFAULTS
ServerSignature Off

AddType video/x-flv .flv
AddType application/x-shockwave-flash .swf
AddType image/x-icon .ico

AddDefaultCharset UTF-8
AddLanguage en-US .html .htm .txt .xml .php

SetEnv TZ America/Indianapolis
SetEnv SERVER_ADMIN webmaster@askapache.com


### PHPINI-CGI
#AddHandler php-cgi .php
#Action php-cgi /cgi-bin/php5.cgi

### FAST-CGI
#AddHandler fastcgi-script .fcg .fcgi .fpl
#AddHandler php5-fastcgi .php
#Action php5-fastcgi /cgi-bin/fastcgi.fcgi



#
#           HEADERS and CACHING
#
# 1 YEAR

Header set Cache-Control "max-age=29030400, public"


# 1 WEEK

Header set Cache-Control "max-age=604800, public"


# 3 HOUR

Header set Cache-Control "max-age=10800"


# 1 MIN

Header set Cache-Control "max-age=0, private, no-store, no-cache, must-revalidate"
Header set P3P "policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS""
Header set imagetoolbar "no"




#
#          REWRITES AND REDIRECTS
#
### SEO REDIRECTS
#Redirect 301 /ssl-ns.html /2006/htaccess/apache-ssl-in-htaccess-examples.html
#Redirect 301 /ht.tml
#Redirect 301 /index.html /
#RedirectMatch 301 /2006/htaccess-forum/(.*) /2006/htaccess/$1
#RedirectMatch 301 /(.*)rfc2616(.*) http://rfc.askapache.com/rfc2616/rfc2616.html
#RedirectMatch 301 /phpmanual(.*) /manual/en/$1

### REWRITES
RewriteEngine On
RewriteBase /

### WORDPRESS
#
#RewriteEngine On
#RewriteBase /
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule . /index.php [L]
#


### REQUIRE WWW
#RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC]
#RewriteRule ^(.*)$ /$1 [R=301,L]


### STOP LOOP CODE
#RewriteCond %{ENV:REDIRECT_STATUS} 200
#RewriteRule ^.*$ - [L]

### REDIRECT BLOG FEED TO FEEDBURNER
#RewriteCond %{HTTP_USER_AGENT} !^.*(FeedBurner|FeedValidator|Recent) [NC]
#RewriteRule ^feed/?.*$ http://feeds.feedburner.com/apache/htaccess [L,R=302]

### BLOCK WGET
#RewriteCond %{HTTP_USER_AGENT} ^Wget.* [NC]
#RewriteRule .* /cgi-bin/forbidden.cgi [L]





#
#           AUTHENTICATION
#
### BASIC PASSWORD PROTECTION
#AuthName "Prompt"
#AuthUserFile /web/askapache.com/.htpasswd
#AuthType basic
#Require valid-user

### UNDER CONSTRUCTION PROTECTION
#AuthName "Under Development"
#AuthUserFile /web/askapache.com/.htpasswd
#AuthType basic
#Require valid-user
#Order Deny,Allow
#Deny from all
#Allow from 23.23.23.1 w3.org googlebot.com google.com google-analytics.com
#Satisfy Any

Tags

April 10th, 2007

Comments Welcome


Related Articles


My Online Tools
Popular Articles


Hacking and Hackers

The use of "hacker" to mean "security breaker" is a confusion on the part of the mass media. We hackers refuse to recognize that meaning, and continue using the word to mean someone who loves to program, someone who enjoys playful cleverness, or the combination of the two. See my article, On Hacking.
-- Richard M. Stallman









[hide]

It's very simple - you read the protocol and write the code. -Bill Joy

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. NCSA HTTPd.
UNIX ® is a registered Trademark of The Open Group. POSIX ® is a registered Trademark of The IEEE.

+Askapache | askapache

Site Map | Contact Webmaster | License and Disclaimer | Terms of Service

↑ TOPMain