I need to password protect some directories:
- The root of the webserver (var/www/html) needs to be accessible by everybody from ip range 192.168.1.x
- All other ip adressess must be asked for a login
- A subdir called 'sales' (var/www/html/sales) needs to be password protected for everybody from anywhere
Is this possible?
My .htaccess in the root looks like:
But if i want to password protect the sales dir it won't work.
PHP_FLAG output_buffering on
ErrorDocument 401 /errors/401.htm
ErrorDocument 403 /errors/403.htm
ErrorDocument 404 /errors/404.htm
Deny from all
Allow from 192.168.1.
AuthName "Password Required"
adding password files like that^ although im not sure if you can do a local network override like that, you made it so that only the 192.168.1.* can access it, but from a diff ip it wont access, it wont even give them a password prompt...
Not sure about the IP range no password and password for everyone else bit but in your sales directory you need to put an additional .htaccess file.
.htaccess uses a cascade of priorities - it will adopt what ever is in its parent directory unless it has something sayinf otherwise.
you will also need to have different AuthNames for each area, so you might want Authname="Login" for your main one, and AuthName="Sales" for the /sales/.
I would also recommend putting your AuthUserFile somewhere out of reach of the public. I put mine in a folder under the webserver root, so my root is /var/www/html, and i put my userfiles in /var/www/passwords.
You can use the apache module to do so, I did this setup using webmin the GUI Tool and it worked fine.
Could you show me what the settings would be?
In the Authentication Realm Name you can give any meaningful name.
Authentication Type make it Basic.
Restrict Access by Login will be Only These Users and mention the username.
Client Must Satisfy will be Default.
Restrict Access Checking Order will be Default.
In the TextFile mention the path and the name of the file you have created.
Rest all of the thing will be left default.
Save the settings and restart the Apache Web Server and check if it works or not.
Please refer to the following link for more information: