There are two way you can do it.
1, update httpd.conf file.
For example, if you want to protect download folder and your www path is /var/www/html/,
you can add following code into httpd.conf file:
=================================
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /var/password/downloadpassword
Require valid-user
=================================
You need to use htpasswd command to generate a downloadpassword file
htpasswd -c downloadpassword greg
After change the file, need to restart the httpd service.
/etc/init.d/httpd restart
You need to restart apache service after you update httpd.conf file every time. Sometimes, it is not easy to restart the service. So, you may use the other way - .htaccess file
2, use .htaccess
If you want to protect this folder /var/www/html/download
create a file .htaccess
vim .htaccess
AuthType Basic
AuthName "Password Required"
AuthUserFile /var/password/downloadpassword
Require valid-user
Options +Indexes
You need to use htpasswd command to generate a downloadpassword file
htpasswd -c downloadpassword greg
No need to restart httpd service.
Some security hints
1, you should put the password in a different folder, not www public folder
2, if you have to put password file in the same folder, name it with dot ., like .htmypasswd.
No comments:
Post a Comment