Saturday 19 January 2013

Personnel notes on Password Protecting Apache folder/alias + Disable Apache Directory Browsing

Post : Personnel notes on Password Protecting Apache folder/alias + Disable Apache Directory Browsing
URL : http://aacable.wordpress.com/2012/12/27/personnel-notes-on-password-protecting-apache-folderalias-disable-apache-directory-browsing/
Posted : December 27, 2012 at 12:54 PM
Author : Syed Jahanzaib / Pinochio~:)
Tags : .htaccess, .htpasswd, create alias in apache, disable directory browsing in apache, password protect apache folder
Categories : Linux Related
http://aacable.files.wordpress.com/2012/12/password.jpg&h=125
> Howto Disable DIRECTORY BROWSING in apache2
To Disable directory browsing in Apache (In Ubuntu its apache2), Remove the following directive from your required folder.
Indexes
For example,  you want to remove directory browsing for /var/www/backup folder.
Edit the below file /etc/apache2/sites-enabled/000-default by using following command
nano /etc/apache2/sites-enabled/000-default
The Default config is below.
Alias /backup /var/www/backup
<Directory /var/www/backup>
DirectoryIndex index.html
Options Includes Indexes FollowSymLinks MultiViews
</Directory>
Change it below
Alias /backup /var/www/backup
<Directory /var/www/backup>
#DirectoryIndex index.html
Options Includes FollowSymLinks MultiViews
</Directory>
Save & Exit , then Restart APACHE Service by
service apache2 restart
============================================================
> Howto create Alias/Virtual Folder
To create Alias/VF, for example /var/www/backup
Edit the below file, and add the data as showed below
nano /etc/apache2/sites-enabled/000-default
Alias /backup /var/www/backup
<Directory /var/www/backup>
DirectoryIndex index.html # Change as per requirement
Options Includes Indexes FollowSymLinks MultiViews
AllowOverride None
order allow,deny
allow from all
</Directory>
Save & Exit , then Restart APACHE Service by
service apache2 restart
============================================================
> Howto Password Protect Apache Folder with .htaccess
If you want to password protect specific folder in Apache so un authorized users cannot access it, use the following method. There are other better methods available, You can follow them for best practices. I just did it this way.
First Create password file
htpasswd -c /etc/apache2/passwd zaibtest
(Replace zaibtest with your required username, It will ask you for password, enter password you like to set for user zaibtest. Also you can save this file anywhere you like)
Now protect your required folder, for example I want to protect /var/www/backup folder, then use the following directives in in /etc/apache2/sites-enabled/000-default
nano /etc/apache2/sites-enabled/000-default
Alias /backup /var/www/backup
<Directory /var/www/backup>
#DirectoryIndex user.php
AuthType Basic
AuthName "Please enter valid user password to access Zaib's Data"
AuthUserFile /etc/apache2/passwd
Require valid-user
Options Includes Indexes FollowSymLinks MultiViews
AllowOverride ALL
order allow,deny
allow from all
</Directory>
Save & Exit , then Restart APACHE Service by
service apache2 restart
Now try to access the folder, it will ask you the password.
http://aacable.files.wordpress.com/2012/12/asking-password.png&h=225
.
After providing valid id password, you can access your folder. (I use it to download backup data from remote location)
http://aacable.files.wordpress.com/2012/12/access-granted.png&h=268

































Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)