Apache Webserver
The most used Webserver on earth is the Apache Webserver. Personally I find the documentation of this Server a mess. I can not find what I am looking for and most of the things are hidden in commands you don't expect to host the information. See for your self at the documentation of Apache [1].
Access Protection
It is possible to protect a directory of beeing accessed by not authorized users.
The HTTP Basic Authentication method allows you to restrict access to areas of your website by managing your own usernames and passwords. Use this approach if you need to restrict access to every user. It is available on all domains via HTTPS.
To use HTTP Basic Authentication on servers, you'll need to create two files,
- .htaccess
- .htpasswd,
in the folder you want to protect.
Create your .htaccess file
Using your favorite text editor, create a .htaccess file in the directory you want to secure with contents similar to this: <syntaxhighlight lang="bash" line start="1"> AuthType Basic AuthName "Restricted Area" AuthUserFile /home1/c/clifford/public_html/protected/.htpasswd require valid-user </syntaxhighlight>
The path to the password file after AuthUserFile follows this format: <syntaxhighlight lang="bash" line start="1"> /home1/<first inital>/<username>/html/protected/.htpassword </syntaxhighlight>
f you've created the file locally, save it and upload it to the directory you want to protect using your favorite FTP client (more info).
Create your .htpasswd file (htpasswd)
Connect to Server via the command line. Navigate to the folder you want to protect (the location you uploaded your .htaccess file to). Run the htpasswd command with the -c option to initialize your .htpasswd file. It will create the file if it doesn't exist or replace all of the contents in an existing file with the specified user . In this example, the file is initialized with the user "cliff" (use whatever username you want): <syntaxhighlight lang="bash" line start="1"> htpasswd -c .htpasswd cliff </syntaxhighlight> You will be prompted to enter a password for the user.
Add users or change passwords for existing users
To add more users or change the password for an existing user, simply run htpasswd without the -c option. In this example, a new user, "eric", is added: <syntaxhighlight lang="bash" line start="1"> htpasswd .htpasswd eric </syntaxhighlight>
Set file and directory permissions
Make sure both your .htaccess and .htpasswd files are readable by the web server.
In most cases this will mean making them world readable (more info on changing permissions).
For extra security, run the chgrp-httpd command mentioned below to give the web server read access to the directory while preventing anyone else from seeing into it.
Note: it is not advisable to use the chgrp-httpd script if you are protecting files in your CGI directory. Instead, chmod the protected directory to 711.
- Wiki Galaxy Project, Apache External User Auth
- Seas U Penn, How to configure a web page to require a username and password.
PHP Support in JS and CSS
Q:How to mix javascript js file(script embedded with php) and php code?
A nasty problem since you need to have all your Javascript with embedded php inside you PHP-file.
Fortunately there is a solution.
You just need to enable the PHP to read JS files. Do this:
- Open your httpd.conf (Apache configuration file) and find this line:
<syntaxhighlight lang="bash" > AddHandler application/x-httpd-php .php </syntaxhighlight>
- And add the extension, modifying this line to:
<syntaxhighlight lang="bash" >
AddHandler application/x-httpd-php .php .js
</syntaxhighlight>
You can even add CSS files too.
NB: Be aware this will only work when you may alter your httpd.conf on your webserver.
See also
- Ask Apache, Apache htaccess hackers guide.
- Apache Documentation
- Apache Doc, Directives. Each Apache directive available in the standard Apache is listed.
- Apache Doc, Directives Quick Reference.
- Apache Doc, Directives Dictionary. Document describes the terms that are used to describe each Apache configuration directive.
Reference
- ↑ httpd apache Current documentation.