Apache Authentication in htaccess
How to password-protect, Allow or Deny a visitor based on a condition. If you are having trouble getting htaccess-based password protection to work see: Troubleshooting htaccess Authentication: Getting it to work
Generate Your authentication htpasswd files with my free Online Password Generator!
Require password for 1 file only
Order deny,allow Deny from all AuthName "htaccess password prompt" AuthType Basic AuthUserFile /web/askapache.com/.htpasswd Require valid-user
Protect multiple files:
Order deny,allow Deny from all AuthName "htaccess password prompt" AuthUserFile /.htpasswd AuthType basic Require valid-user
Using the Apache Allow Directive in htaccess
Allow network/netmask pair
Order deny,allow Deny from all Allow from 10.1.0.0/255.255.0.0
Allow IP address
Order deny,allow Deny from all Allow from 10.1.2.3
Allow More than 1 IP address
Order deny,allow Deny from all Allow from 192.168.1.104 192.168.1.205
Allow Partial IP addresses, first 1 to 3 bytes of IP, for subnet restriction
Order deny,allow Deny from all Allow from 10.1 Allow from 10 172.20 192.168.2
Allow network/nnn CIDR specification
Order deny,allow Deny from all Allow from 10.1.0.0/16
Allow IPv6 addresses and subnets
Order deny,allow Deny from all Allow from 2001:db8::a00:20ff:fea7:ccea Allow from 2001:db8::a00:20ff:fea7:ccea/10
Deny subdomains
Order Allow,Deny Allow from apache.org Deny from wireshark.apache.org
Allow from IP without password prompt, and also allow from any address with password prompt
Order deny,allow Deny from all AuthName "htaccess password prompt" AuthUserFile /web/askapache.com/.htpasswd AuthType Basic Require valid-user Allow from 172.17.10.1 Satisfy Any
Skeleton .htaccess file
I use this when I start a new site, and uncomment or delete parts of the file depending on the sites needs
# # DEFAULT SETTINGS # Options +ExecCGI -Indexes DirectoryIndex index.php index.html index.htm ErrorDocument 400 /cgi-bin/error.php ErrorDocument 401 /cgi-bin/error.php ErrorDocument 403 /cgi-bin/forbidden.cgi ErrorDocument 404 /404.html ErrorDocument 405 /cgi-bin/error.php ErrorDocument 406 /cgi-bin/error.php ErrorDocument 409 /cgi-bin/error.php ErrorDocument 413 /cgi-bin/error.php ErrorDocument 414 /cgi-bin/error.php ErrorDocument 500 /cgi-bin/error.php ErrorDocument 501 /cgi-bin/error.php ### DEFAULTS ServerSignature Off AddType video/x-flv .flv AddType application/x-shockwave-flash .swf AddType image/x-icon .ico AddDefaultCharset UTF-8 AddLanguage en-US .html .htm .txt .xml .php SetEnv TZ America/Las_Vegas SetEnv SERVER_ADMIN webmaster@askapache.com ### PHPINI-CGI #AddHandler php-cgi .php #Action php-cgi /cgi-bin/php5.cgi ### FAST-CGI #AddHandler fastcgi-script .fcg .fcgi .fpl #AddHandler php5-fastcgi .php #Action php5-fastcgi /cgi-bin/fastcgi.fcgi # # HEADERS and CACHING # # 1 YEARHeader set Cache-Control "max-age=29030400, public" # 1 WEEKHeader set Cache-Control "max-age=604800, public" # 3 HOURHeader set Cache-Control "max-age=10800" # 1 MINHeader set Cache-Control "max-age=0, private, no-store, no-cache, must-revalidate" Header set P3P "policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"" Header set imagetoolbar "no" # # REWRITES AND REDIRECTS # ### SEO REDIRECTS #Redirect 301 /ssl-ns.html /2006/htaccess/apache-ssl-in-htaccess-examples.html #Redirect 301 /ht.tml #Redirect 301 /index.html / #RedirectMatch 301 /2006/htaccess-forum/(.*) /2006/htaccess/$1 #RedirectMatch 301 /(.*)rfc2616(.*) http://rfc.askapache.com/rfc2616/rfc2616.html #RedirectMatch 301 /phpmanual(.*) /manual/en/$1 ### REWRITES RewriteEngine On RewriteBase / ### WORDPRESS ##RewriteEngine On #RewriteBase / #RewriteCond %{REQUEST_FILENAME} !-f #RewriteCond %{REQUEST_FILENAME} !-d #RewriteRule . /index.php [L] # ### REQUIRE WWW #RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC] #RewriteRule ^(.*)$ /$1 [R=301,L] ### STOP LOOP CODE #RewriteCond %{ENV:REDIRECT_STATUS} 200 #RewriteRule ^.*$ - [L] ### REDIRECT BLOG FEED TO FEEDBURNER #RewriteCond %{HTTP_USER_AGENT} !^.*(FeedBurner|FeedValidator|Recent) [NC] #RewriteRule ^feed/?.*$ http://feeds.feedburner.com/apache/htaccess [L,R=302] ### BLOCK WGET #RewriteCond %{HTTP_USER_AGENT} ^Wget.* [NC] #RewriteRule .* /cgi-bin/forbidden.cgi [L] # # AUTHENTICATION # ### BASIC PASSWORD PROTECTION #AuthName "Prompt" #AuthUserFile /web/askapache.com/.htpasswd #AuthType basic #Require valid-user ### UNDER CONSTRUCTION PROTECTION #AuthName "Under Development" #AuthUserFile /web/askapache.com/.htpasswd #AuthType basic #Require valid-user #Order Deny,Allow #Deny from all #Allow from 23.23.23.1 w3.org googlebot.com google.com google-analytics.com #Satisfy Any
« Speed up your site with Caching and cache-controlSecurity with Apache htaccess Tutorial »
Comments