the perspicacious ramblings of droo

.htaccess – No Auth for local access/Auth for outside access

For this, we’ll throw an .htaccess file into the directory you don’t want anyone to access that’s served via apache. For this, we’ll also have to have the following set for the directory in the httpd.conf file: AllowOverides AuthConfig

Here’s what the .htaccess file should look like (with a few modifications for location and network if you need):

AuthType Basic
AuthName "Remote Auth"
AuthUserFile /var/www/html/.htpasswd
Require valid-user

Order deny,allow
deny from all
allow from 192.168.0

Satisfy any

And then in the same directory, create the .htpasswd file by:

htpasswd -c .htpasswd username

Then when promptd, enter the password for that username. Make sure both files are owned by apache (or www-data if your webserver runs as such). Viola! It works.

(Note: To add more users that the htpasswd file, do the same command as above, without the -c)


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>