When developing a new site, or in any other situation, you may need to close access to a site or directory with a password. This may be due to the need to prohibit the indexing of content by search robots during the development period, or it may be necessary to close access to certain sections and documents of the site.
Access to the contents of any directory on the server can be restricted on almost all web servers using the .htpasswd file. When accessing the directory through a browser, the user will be presented with a dialog for entering a login and password.
How to create a .htpasswd password file
First, come up with a new username and generate a new password using the password generator tool. Save the password you received.
Next, you need to generate content for the .htpasswd file using the htpasswd generator. In the “User (Login)” field, enter the login you chose (only in Latin letters), and in the “Password” field, the password generated earlier. After that, you will get a result something like this:
admin:$apr1$evskxt6q$p3RZUmYH.mVZn9nVMij850
To understand what we got, the resulting string can be read as <login>:<password>, where admin is our “User (Login)” and $apr1$evskxt6q$p3RZUmYH.mVZn9nVMij850 is the hashed password: $apr1$ marks Apache's MD5-based scheme, evskxt6q is the salt, and the rest is the hash itself.
Next, we need to create a plain text file named .htpasswd, insert our line admin:$apr1$evskxt6q$p3RZUmYH.mVZn9nVMij850 into it and save the file. If you need several accounts, repeat all the steps described above and add each new record to the same file on a new line. For example, if we need 2 accounts, the contents of the file will look like this:
admin:$apr1$evskxt6q$p3RZUmYH.mVZn9nVMij850
developer:$apr1$pngk7j62$Z/cOxoZMvrwUROGXrbMiY/
Here we see 2 accounts, with the logins admin and developer.
Attention:
- The file should contain only the lines produced by the generator; if there are several, put each one on its own line.
- There should be no empty lines in the file.
- The file must be in UTF-8 encoding
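The rules above can be checked before the file is deployed. The following linter is an added example, not part of the original article; the function name, the scheme list (not exhaustive) and the set of characters allowed in a login are assumptions, and the sample input is constructed from the article's two lines plus deliberate mistakes.

```python
import re

# Hash prefixes recognised here; the list is an assumption and not exhaustive.
SCHEMES = [("$apr1$", "apr1-md5"), ("$2y$", "bcrypt"), ("{SHA}", "sha1-unsalted")]
LOGIN_RE = re.compile(r"^[A-Za-z0-9._-]+$")  # assumed reading of "Latin letters only"

# Constructed sample: the article's two lines, an empty line and a bad record.
SAMPLE = (
    b"admin:$apr1$evskxt6q$p3RZUmYH.mVZn9nVMij850\n"
    b"\n"
    b"developer:$apr1$pngk7j62$Z/cOxoZMvrwUROGXrbMiY/\n"
    b"admin:secret\n"
)


def lint_htpasswd(raw):
    """Return (accounts, problems) for the raw bytes of a .htpasswd file."""
    accounts, problems = {}, []
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return accounts, ["file is not valid UTF-8"]
    lines = text.split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # one trailing newline is not an empty line
    for n, line in enumerate(lines, 1):
        line = line.rstrip("\r")
        if not line.strip():
            problems.append(f"line {n}: empty line")
            continue
        login, sep, hashed = line.partition(":")
        if not sep or not login or not hashed:
            problems.append(f"line {n}: expected <login>:<password hash>")
            continue
        if not LOGIN_RE.match(login):
            problems.append(f"line {n}: login {login!r} has unexpected characters")
        if login in accounts:
            problems.append(f"line {n}: duplicate login {login!r}")
        scheme = next((s for p, s in SCHEMES if hashed.startswith(p)), "unknown")
        if scheme == "unknown":
            problems.append(f"line {n}: hash has no recognised scheme prefix")
        elif scheme == "sha1-unsalted":
            problems.append(f"line {n}: {{SHA}} hashes are unsalted")
        accounts.setdefault(login, scheme)
    return accounts, problems


if __name__ == "__main__":
    print(lint_htpasswd(SAMPLE))
```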
It is also worth noting that you can generate an .htpasswd file using programs that you can download on the Internet, but we do not recommend doing this, as the programs may contain viruses.
Now we just need to connect the .htpasswd file to the web server. In this article, we will look at connecting to Apache and Nginx.
How to connect .htpasswd to Nginx
To protect a specific directory on the site, you need to update the nginx config of your site, and add something like this there:
location /protect {
    auth_basic "Admin Area";
    auth_basic_user_file /path/to/.htpasswd;
}
location /protect – means that we will protect the /protect directory with a password.
auth_basic "Admin Area"; – the name of the dialog box in which you will need to enter your username and password.
auth_basic_user_file /path/to/.htpasswd; – path to the .htpasswd file.
To check that your content is protected, try accessing the restricted content in a browser. To do this, go to www.example.com/protect (if you specified location /protect; otherwise use your own path). You should see a window asking for your username and password.
We can also restrict access to the entire site, but at the same time make certain areas of the site public. In this case, specify auth_basic off in a specific directory:
server {
    …
    auth_basic "Admin Area";
    auth_basic_user_file /path/to/.htpasswd;
    location /public {
        auth_basic off;
    }
}
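To see which blocks end up public under this inheritance, the effective auth_basic value can be computed per block. This is an added example, not part of the original article: a simplified tokenizer that does not expand include files, run on a constructed config; the function and variable names are hypothetical.

```python
import re

# A quoted string, one of the three structural characters, or a bare word.
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+')
UNSET = object()  # marks a block that sets no auth_basic of its own

# Constructed sample based on the article's server block.
SAMPLE_CONF = """
server {
    listen 80;
    location /public { auth_basic off; }
    location /protect { }
    auth_basic "Admin Area";
    auth_basic_user_file /path/to/.htpasswd;
}
"""


def effective_auth(conf):
    """Map every block to its effective auth_basic realm (None means no auth)."""
    conf = re.sub(r"#.*", "", conf)   # drop comments; assumes no '#' inside quotes
    blocks, stack, stmt = [], [], []  # block = [name, parent index, own value]
    for tok in TOKEN.findall(conf):
        if tok == "{":
            blocks.append([" ".join(stmt), stack[-1] if stack else None, UNSET])
            stack.append(len(blocks) - 1)
            stmt = []
        elif tok == "}":
            if stack:
                stack.pop()
        elif tok == ";":
            if len(stmt) == 2 and stmt[0] == "auth_basic" and stack:
                value = stmt[1].strip("\"'")
                blocks[stack[-1]][2] = None if value == "off" else value
            stmt = []
        else:
            stmt.append(tok)

    def resolve(i):
        # A block without its own auth_basic inherits from its parent,
        # wherever in the parent block the directive was written.
        name, parent, own = blocks[i]
        if parent is None:
            return name, (None if own is UNSET else own)
        parent_path, inherited = resolve(parent)
        return parent_path + " > " + name, (inherited if own is UNSET else own)

    return dict(resolve(i) for i in range(len(blocks)))


if __name__ == "__main__":
    for path, realm in effective_auth(SAMPLE_CONF).items():
        print(path, "->", realm or "PUBLIC")
```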
How to connect .htpasswd to Apache
First, let’s look at how to completely close the entire site. Open the virtual host file where you want to add the restriction and add the root directory of your site there:
<VirtualHost *:80>
    DocumentRoot /var/www/html
    …
    <Directory "/var/www/html">
        AuthType Basic
        AuthName "Admin Area"
        AuthUserFile /path/to/.htpasswd
        Require valid-user
    </Directory>
</VirtualHost>
In the same way, you can point the <Directory> block at a specific directory of your site to close only that directory.
Now let’s look at how you can block access to the site if you have the setting enabled:
AllowOverride All
This setting enables the ability to use .htaccess files. Now go to the directory to which we want to restrict access by password, create an .htaccess file with the following directives:
AuthType Basic
AuthName "Admin Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
If you put the .htpasswd file somewhere inside the site directory, you now need to protect it. To do this, create an .htaccess file in the same directory as the password file. If there is already an .htaccess file there, open it for editing and add the following lines:
<Files .htpasswd>
# Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use: Require all denied
deny from all
</Files>
Hope this information was helpful to you.