Apache Access Control

posted Apr 28, 2009, 5:27 AM by G. Maze ‎(admin)‎
I use MAMP to emulate an Apache web server on my laptop. Although my local webpages are for intranet local use only, producing a first level access control, I may have sometimes the necessity to protect the access to particular content.
More info can be found here: http://httpd.apache.org/docs/1.3/howto/auth.html

I found a lot of posts in user forums to talk about .htaccess file with MAMP not working.
Here is the procedure that work for my configuration:

Create a username/password pair with the command:
htpasswd -c /Applications/MAMP/Library/.htpasswd johndoe

The password for the user johndoe is encrypted and placed in the hidden file .htpasswd under the MAMP Library folder.
Note that the "-c" option will the create the password file or replace an existing one, don't use this option to add a username to the already existing password file.

Then in the directory you want to protect create a hidden file .htaccess which contains:
AuthUserFile .htpasswd
AuthGroupFile /dev/null
AuthName "Password Protected Area"
AuthType Basic

<limit GET POST>
require valid-user

Now in your browser, accessing the folder where you put the .htaccess file should require the login/password pair.