Controlling Web-Server Access by Username and Group
Controlling access by hostname or IP is great when you want to ensure that only a network or machine you recognize is accessing your site or to block that pesky web spider that rudely ignores your robots.txt file. It is, however, used less often than user-based authentication.
To start the process, we’re first going to create the user database. This database will contain all the usernames and passwords that will be authenticated against; they’re not keyed to any specific directory, so you could use one database for 300 users spread across two dozen directories. To create the database, get into your Terminal and gaze blurry-eyed at the following command:
% htpasswd -c /Library/WebServer/.htpasswd morbus
It’s nice and innocent, right?
htpasswd
is the name of the utility that creates
and modifies the user database. The -c
flag says
if this database doesn’t exist, create it.
/Library/WebServer/.htpasswd
is the full path to
our database file, and you’ll want to take special
notice that it’s outside Apache’s
document root (which, in OS X, is defined as
/Library/WebServer/Documents
). Sticking the file
outside the document root ensures that no one can view this database
from the Web. Finally, morbus
is the user that you
want to add to the database. Here’s sample output
from this command:
%htpasswd -c /Library/WebServer/.htpasswd morbus
New password:********
Re-type new password:********
Adding password for user morbus
You’ll want ...
Get Mac OS X Hacks now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.