Tag Archives: Apache

Password protect a Location, LocationMatch or VirtualHost in Apache (XAMPP and Mac OS X)

Protecting a Location or VirtualHost in Apache is very similar to protecting a folder as I explained in “Password protect a folder in Apache (XAMPP and Mac OS X)“. The first part is just the same, creating a file with the user and password you want to use with the htpasswd command. Again, remember to place this file in a folder where no one can download it from the server.

/Applications/XAMPP/xamppfiles/bin/htpasswd -c /Applications/XAMPP/etc/.htpasswd admin
New password: 
Re-type new password: 
Adding password for user admin

Then go to your configuration file where your , and/or tags are and add just the same configuration lines as we did for protecting a folder with .htaccess file. For example to protect the XAMPP special locations open /Applications/XAMPP/xamppfiles/etc/extra/httpd-xampp.conf file and add the lines in bold font:


    AuthName "Protected Area"
    AuthType Basic
    AuthUserFile /Applications/XAMPP/xamppfiles/etc/.htpasswd
    Require valid-user

    Order deny,allow
    Deny from all
    Allow from ::1 127.0.0.0/8 \
               fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
               fe80::/10 169.254.0.0/16

    ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var

To password protect a VirtualHost just edit the /Applications/XAMPP/xamppfiles/etc/extra/httpd-vhosts.conf file and add the same lines to your VirtualHost. For example:


    AuthName "Protected Area"
    AuthType Basic
    AuthUserFile /Applications/XAMPP/xamppfiles/etc/.htpasswd
    Require valid-user
    ServerAdmin webmaster
    DocumentRoot "/Users/user/Documents/Webs/test.local"
    ServerName test.local
    ServerAlias test.local
    ErrorLog "logs/test.local-error_log"
    CustomLog "logs/test.local-access_log" common
    DirectoryIndex index.php index.html index.htm
    
        #IndexOptions +FancyIndexing NameWidth=*
        #Options Includes FollowSymLinks Indexes
        AllowOverride All
        Order allow,deny
        Allow from all
    

Password protect a folder in Apache (XAMPP and Mac OS X)

First you have to create a file with the user and the password to be used with htpasswd:

/Applications/XAMPP/xamppfiles/bin/htpasswd -c /Applications/XAMPP/etc/.htpasswd admin
New password: 
Re-type new password: 
Adding password for user admin

It’s important to place this file in a place not available from the web service thus no one can download that file. Then add a .htaccess file to the folder you want to protect:

vi /Users/user/Documents/Webs/test.local/.htaccess

And add this content:

AuthName "Protected Area"
AuthType Basic
AuthUserFile /Applications/XAMPP/etc/.htpasswd
require valid-user

Reload the Apache server and then when you try to access to that folders URL you will get an auth prompt like this:

Source: Stabeler.

Configure virtual hosts for XAMPP in Mac OS X

Lets suppose we want to have 2 virtual hosts in our server wich will be accesible via http://web1.site and http://web2.site and their content will be stored respectively in:

/Users/user/Documents/Webs/web1.site

and

/Users/user/Documents/Webs/web2.site.

Firts we have to configure web1.site y web2.site to be resolved to our computer. We could configure a DNS server for that task but it’s much simpler to edit the /etc/hosts file and add:

127.0.0.1 web1.site
127.0.0.1 web2.site

Check in a terminal that doing ping to those names they are resolved as 127.0.0.1:

$ ping web1.site
PING web1.site (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.044 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.068 ms

Download XAMPP and install it.

Edit /Applications/XAMPP/etc/httpd.conf and change User and Group parameters to your user name and staff group.

User user
Group staff

Uncomment the line that includes the virtual hosts configuration file:

# Virtual hosts
Include /Applications/XAMPP/etc/extra/httpd-vhosts.conf

Edit Applications/XAMPP/etc/extra/httpd-vhosts.conf and delete 2 example VirtualHost that come by default and add the following:


    ServerAdmin webmaster
    DocumentRoot "/Applications/XAMPP/xamppfiles/htdocs"
    ServerName localhost
    ServerAlias localhost
    ErrorLog "logs/localhost-error_log"
    CustomLog "logs/localhost-access_log" common

 

    ServerAdmin webmaster
    DocumentRoot "/Users/user/Documents/Webs/web1.site"
    ServerName web1.site
    ServerAlias web1.site
    ErrorLog "logs/web1.site-error_log"
    CustomLog "logs/web1.site-access_log" common
    DirectoryIndex index.html
    
        #IndexOptions +FancyIndexing NameWidth=*
        #Options Includes FollowSymLinks Indexes
        #AllowOverride All
        Order allow,deny
        Allow from all
    

 

    ServerAdmin webmaster
    DocumentRoot "/Users/user/Documents/Webs/web2.site"
    ServerName web2.site
    ServerAlias web2.site
    ErrorLog "logs/web2.site-error_log"
    CustomLog "logs/web2.site-access_log" common
    DirectoryIndex index.html
    
        #IndexOptions +FancyIndexing NameWidth=*
        #Options Includes FollowSymLinks Indexes
        #AllowOverride All
        Order allow,deny
        Allow from all
    

As you can see there is also a VirtualHost for the root of XAMPP thus we can access status info of the server and phpMyAdmin console.

Put inside our 2 web folders a index.html file with some content, start XAMPP and check you can access to both virtual hosts URLs and that you see index.html content. You can chane DirectoryIndex value to any amount of file names and XAMPP will load the first one it finds. For example to try loading firs index.php and then index.html:

DirectoryIndex index.php index.html

If you want to access to the folder content of the directories just uncomment first 3 lines in ... tag. Other way you would get a 403 error.