Password-protect access to a folder served on the web by the Apache web server.
Breaking this protection requires hacking the Apache web server or the hosting machine, and not "only" a web application.
This keeps web crawlers away, whereas a robots.txt file is just a notice you put on an open door.
This can also protect your web application from crawlers that look for security breaches if you are in an "intranet"-style scenario.
We need to add 2 files in the folder: .htaccess and .htpasswd
$ cd /var/www/web-folder-to-protect
$ vi .htaccess
AuthUserFile /…/.htpasswd (1)
AuthName "Dites ami et entrez" (2)
AuthType Basic
require valid-user
1 | Absolute path to a readable .htpasswd |
2 | Optional |
$ pacman -S whois (1)
$ mkpasswd
Mot de passe : (2)
$y$j9T$PiRPvEKe86T6/hH/Rdlh90$eQbrTxlziyxQL3CTAlCFS5BmzMysCcAi5Dd/HYkTqL8 (3)
1 | If you don’t have the mkpasswd command available, you can install it this way on Artix Linux |
2 | Type the desired password here; it won’t be visible on the screen (it is not echoed) |
3 | Example of a returned password hash |
$ vi .htpasswd
lucy:$y$j9T$PiRPvEKe86T6/hH/Rdlh90$eQbrTxlziyxQL3CTAlCFS5BmzMysCcAi5Dd/HYkTqL8 (1)
1 | This line allows the user named lucy to authenticate with the password that produces this hash |
Reload your page (or folder) from your web browser to verify that it really asks for credentials. If it does not, you might not be using Apache / Apache2, or the file permissions or the file path might be wrong.
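When the browser does not prompt, the two causes named above (wrong path, wrong file rights) can be checked from the shell. The script below is an added example, not part of the original procedure; `check_htaccess` is a hypothetical helper name, and it assumes it is run as the user the web server runs as, so that the readability test reflects what Apache sees.

```shell
#!/bin/sh
# Added example: sanity-check the .htaccess / .htpasswd pair described above.
# check_htaccess is a hypothetical name; pass it the protected folder.
check_htaccess() {
    dir=$1
    ht="$dir/.htaccess"
    [ -r "$ht" ] || { echo "missing or unreadable: $ht"; return 1; }

    # Extract the AuthUserFile argument (directive names are case-insensitive).
    pw=$(awk 'tolower($1) == "authuserfile" { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$ht")
    pw=${pw#\"}; pw=${pw%\"}    # strip optional surrounding quotes
    [ -n "$pw" ] || { echo "no AuthUserFile directive in $ht"; return 2; }

    # The procedure above asks for an absolute path.
    case $pw in
        /*) ;;
        *) echo "AuthUserFile is not an absolute path: $pw"; return 3 ;;
    esac
    [ -f "$pw" ] || { echo "password file not found: $pw"; return 4; }
    [ -r "$pw" ] || { echo "password file not readable: $pw"; return 5; }

    # Every non-empty, non-comment line must look like user:hash.
    bad=$(awk -F: '/^[ \t]*#/ || /^[ \t]*$/ { next }
                   NF < 2 || $1 == "" || $2 == "" { n++ }
                   END { print n + 0 }' "$pw")
    [ "$bad" -eq 0 ] || { echo "$bad malformed line(s) in $pw"; return 6; }

    grep -qi '^[[:space:]]*require[[:space:]][[:space:]]*valid-user' "$ht" \
        || { echo "no 'require valid-user' in $ht"; return 7; }
    echo "ok: $ht -> $pw"
}

# Run against a folder when one is given on the command line.
if [ -n "${1:-}" ]; then check_htaccess "$1"; fi
```

Each non-zero return code maps to one specific problem, so the printed message tells you which file or directive to fix before reloading the page.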