Monday, January 16, 2006

.htaccess usage on Apache doesn't work?, See what you are missing.

I wasted couple of hours on this, So sharing this one with everyone so that I can save someone else's time.

Simplest way to implement directory level authorization on Apache HTTP server is to use .htaccess file with password file combinations, You will find How to Implement Authorization on Apache everywhere. But there are couple of things which you will not find in these sites, because they assume that you would have done this before or you know about this already. So let me run thru basic steps and steps which are generally ignored (but very important get this out there)

Basic Steps
  1. Create .htaccess file with all the directives like AuthType,AuthName,AuthUserFile,Require attributes
  2. Create password file (as specified in AuthUserFile) using htpasswd command.
usually Ignored Steps (in your httpd.conf file make sure following lines are not commented out)
  1. LoadModule auth_module libexec/httpd/
  2. AddModule mod_auth.c

  3. Order allow,deny
    Deny from all
    Satisfy All

  4. Most important step which makes or brakes this whole exercise
    1. "AllowOverride none" should be replaced by "AllowOverride AuthConfig"

With above you should be up and running with Apache Basic Auth.