Apache lock-down
This blog post is more than 8 years old, so the content may be out of date.
It's a request I get a lot when a site's in development: put the website on a public server, but lock it down so you need a password to get into the site.
There are a few Drupal modules for this:
But I want to do something with Apache (why? I don't want to add a module that's not going to be used in production, and it makes testing a little more reliable).
Preparing a password file
Both of the methods rely on a password file which can be used by Apache.
Initially create the password file by using the '-c' option.
htpasswd -c /var/www/.htpasswd username
It'll then prompt you for a password for that username.
Add new users using the same command without '-c' (with '-c' the existing file would be overwritten):
htpasswd /var/www/.htpasswd username
Standard Apache lock-down
Here's the standard way to add basic-auth:
<Directory /var/www/html>
    # Basic setup...default is deny, unless someone is allowed.
    Order Deny,Allow
    Deny from all
    # Instructions for basic auth
    AuthType Basic
    AuthName "Restricted Files"
    # Path to the file created with htpasswd
    AuthUserFile /var/www/.htpasswd
    # Any user listed in the password file is accepted
    Require valid-user
    # A valid password is enough on its own. Under the default (Satisfy All)
    # the host rule must pass as well, and "Deny from all" rejects every host.
    Satisfy Any
</Directory>
Apache lock-down with IP whitelist
This takes the Apache basic-auth lock-down, but whitelists certain IP addresses (basically so I don't have to remember usernames and passwords!)
<Directory /var/www/html>
    # Basic setup...default is deny, unless someone is allowed.
    Order Deny,Allow
    Deny from all
    # Instructions for basic auth
    AuthType Basic
    AuthName "Restricted Files"
    # Path to the file created with htpasswd
    AuthUserFile /var/www/.htpasswd
    # Any user listed in the password file is accepted
    Require valid-user
    # Any of the authentication methods are OK: password or IP allow.
    Satisfy Any
    # Localhost
    Allow from 127.0.0.1
    # Marcus' IP address
    Allow from 1.2.3.4
</Directory>
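The same password-or-whitelisted-IP policy in Apache 2.4's authorization syntax, as an added example that is not configuration from the original post. It assumes Apache 2.4 with mod_auth_basic, mod_authn_file, mod_authz_core and mod_authz_host loaded, and reuses the post's paths and placeholder address. In 2.4 the Order, Allow, Deny and Satisfy directives are deprecated and only available through mod_access_compat.

```apache
# Added example: Apache 2.4 equivalent of the whitelist lock-down above.
# /var/www/html, /var/www/.htpasswd and 1.2.3.4 are the post's own placeholders.
<Directory /var/www/html>
    AuthType Basic
    AuthName "Restricted Files"
    AuthBasicProvider file
    AuthUserFile /var/www/.htpasswd

    # RequireAny grants access as soon as one child rule matches,
    # which is the role "Satisfy Any" played in the old syntax.
    <RequireAny>
        # Localhost
        Require ip 127.0.0.1
        # Whitelisted address: no password prompt from here
        Require ip 1.2.3.4
        # Everyone else must log in with an account from the password file
        Require valid-user
    </RequireAny>
</Directory>
```

Run `apachectl configtest` before reloading. Basic auth sends the password base64-encoded rather than encrypted, so serve the locked-down site over HTTPS.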
Footnote
Site's behind Varnish and you want to use the same approach? Mig5 has an answer: Excluding IPs from HTTP auth when Apache is behind Varnish.