Central management of password-protected folders?

Forum Moderators: phranque

Message Too Old, No Replies

Central management of password-protected folders?

Want to avoid dozens of htaccess/passwd combos

louponne

10:41 pm on Jul 22, 2006 (gmt 0)

At the present, I have many htaccess/htpasswd files scattered around my webserver, protecting various directories. All is working fine, but as I have more and more, I'm thinking "there has to be a better way" - that i, there must be a way to manage this sort of thing in a centralized manner.

Is there? If yes, are there disadvantages to doing it that way that I may not be thinking of?

thanks!

coopster

11:54 am on Jul 24, 2006 (gmt 0)

If the main server configuration file option is not available to you or perhaps not desirable, you can still scatter your .htaccess files but use a single .htpasswd and/or .htgroup file. Just keep the password and group file in one directory and refer to those files within that directory from each invocation of .htaccess authentication.

Apache tutorial on .htaccess files [httpd.apache.org]

louponne

6:33 pm on Jul 27, 2006 (gmt 0)

Password protection does not have to be done in the per-directory override file (.htaccess). As a matter of fact, if you have access to the main server configuration file (httpd.conf) that is the the preferred method.
If the main server configuration file option is not available to you or perhaps not desirable, you can still scatter your .htaccess files but use a single .htpasswd and/or .htgroup file. Just keep the password and group file in one directory and refer to those files within that directory from each invocation of .htaccess authentication.

Hi coopster,

Many thanks for getting back to me on this! :)

As a matter of fact, if you have access to the main server configuration file (httpd.conf) that is the the preferred method

So, in the http.conf file, I'd be putting the same code as in the separate .htaccess files, right?

And it would refer to the centrally located .htpasswd file you mentioned.

Isn't it a bit risky to be opening the http.conf file all the time to be making those additions? Does it matter if the http.conf file starts getting really large?

coopster

1:15 pm on Jul 28, 2006 (gmt 0)

At what risk? Opening the

httpd.conf

file to edit is no riskier than editing individual

.htaccess

files. If the file starts getting large it is still no different than having the text directives spread across the filesystem -- Apache still needs to read and process the directives. It' just faster when it resides in the main configuration, that's all. It's all in the linked document mentioned earlier.

louponne

4:34 pm on Jul 28, 2006 (gmt 0)

I guess I was thinking risk because with several sites on my server, if I mess up an .htaccess file, it's just that site that goes wierd - if I somehow mess up the central http.conf, then everything goes bonkers. Just lack of experience speaking, I guess.

Thanks again coopster!

coopster

5:18 pm on Jul 28, 2006 (gmt 0)

Oh, OK, I understand. Well, with a combination of <VirtualHost> and <Directory> containers you should be able to keep things organized.

louponne

12:42 pm on Jul 31, 2006 (gmt 0)

Yes, after considerable testing I set my first one up! :)

I'll have about 60 password-protected directories on my machine, and I saw in some of the documentation that it was better to do it via a DB, but that looks a little beyond my skill level, so I'll continue doing the <Directory> things in the http.conf file

Thanks again coopster!