HTTP authentication with .htaccess protection
Common files
Before we move on you should be familiar with the following files.

The .htaccess file
This file is placed under the directory that you wish to protect and contains the configuration directory that overrides the httpd.conf file. When a Web request is made to the Web Server every directory is checked starting with the ServerRoot and ending with the directory the requested file is in for a .htaccess file. If a .htaccess file is found in a directory its directives are applied to that directory and every sub directory below it.

The .htpasswd file
This file can be placed anywhere on the server but placing it under the DoucmentRoot would be a great security risk as it would allow the intruders to read the file with their we browser. It would contain the user configuration for the .htaccess protection.

The .htgroup file
This file can be placed anywhere on the server but placing it under the DoucmentRoot would be a great security risk as it would allow the intruders to read the file with their we browser. It would contain the user group?s configuration for the .htaccess protection.

The .httpd.conf file
This file is the main Apache Server configuration file. The Web Server gets its directives instructions from this file.

Creating the files
Now we know that which file is used for what purpose. So, lets get on to work by creating the files one by one.

.htaccess
This file should contain the following lines.

AuthUserFile /etc/httpd/conf/.htpasswd
AuthGroupFile /dev/null
AuthName ravish
AuthType Basic
require user ravish

In case you wish to add multiple users add the following lines. 

AuthUserFile /etc/httpd/conf/.htpasswd
AuthGroupFile /etc/httpd/conf/.htgroup
AuthGroupFile /dev/null
AuthName ravish
AuthType Basic
require user ravish

.htpasswd
We do not need to create this file manually as we can easily manage it with ?htpasswd? program. We can create the file with the following command line.

htpasswd ?c /etc/httpd/conf/.htpasswd ravish 

Here, the ?c flag creates a new file. You do not need to use this flag in case the file does not exist otherwise it will override the file. So, to add multiple usernames use the following syntax.

htpasswd /etc/httpd/conf/.htpasswd ewdi
htpasswd /etc/httpd/conf/.htpasswd neo
htpasswd /etc/httpd/conf/.htpasswd outvit

.htgroup
This file is used for Multiple Usernames and Passwords and should contain the following line.

ravish: ewdi neo outvit

httpd.conf
In some case .htaccess files may not work. Therefore, we need to do a slight modification in httpd.conf file to get everything on work correctly. To allow .htaccess to override httpd.conf add following lines to httpd.conf. 

AllowOverride All
Order allow,deny
Allow from all

Removing a user
To remove a user just delete the respective user?s password line from the .htpasswd file.

Additional Security
Now you have got everything up so you can increase the security by proper giving proper permissions to the configuration files by following syntax.

chmod 644 .htaccess
chmod 644 /etc/httpd/conf/.htpasswd
chmod 644 /etc/httpd/conf/.htgroup





This article comes from osforge.com
http://www.osforge.com

The URL for this story is:
http://www.osforge.com/viewtutorial70.html