Friday, May 8, 2009

Password protecting folders in Apache on Mac OS X Leopard

I struggled for many hours to password protect a few folders inside my Apache web server. This is what I was trying to do. I had some images inside a folder inside the document root. I needed them there so that my application could access them off the web server. The key however was to disallow non authorized users to access them.

Kartik had suggested looking into htaccess that basically allowed you to do this in Apache. However, there are some tweaks that are needed on Mac OS X before this can work.

Here are the steps that can be followed to do this:

1. Edit your Apache config file which, on Mac OS X Leopard is /private/etc/apache2/httpd.conf. Look for the line:

AllowOverride None

Note that there could be multiple such lines. Look for one that is below comments similar to the following:

# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit

Change the above line to:

AllowOverride All

2. Next, create a file called .htaccess with the following contents:

AuthName "Server Access"
AuthType Digest
require valid-user

Save this file and copy to the folders you require to be password protected.

3. That's it! You can now use your OS username and passwords to access the restricted folders.

To figure this out took me hours of pain and a whole lot of trials and errors. Finally, got it to work!

Google yielded umpteen links. Many of them suggested a .htpasswd file that had the username and an encrypted password. You then need to give the path of this file in your .htaccess file. This should also work. For some reason it did not work for me.

No comments: