First off, I have to recommend reading the
official Apache 2.2 documentation.
As documentation goes, it ain't bad, although it is a lot to swallow all at once.
There are skads of articles you can find on apache topics using google searches.
As of early 2009, I am running Apache 2.2.9
These are my notes on some things I commonly need to do.
<Directory /> AuthUserFile /www/stuff/passwords AuthName Bozos circus AuthType Basic <Limit GET> require valid-user require user bozo </Limit> </Directory>Along with this you need the password file referenced in the above. Use the htpasswd command to generate it. What I use is:
htpasswd -bc zzz bozo clownOn my system this yields:
bozo:oBxAv./e98qnIPlace this line in the passwords file, restart the web server and, voila. (well maybe voila, there is more than meets the eye here).
<Location "/secret/"> Order deny,allow Deny from all </Location>
Rails (in my case deployed via mongrel) introduces a new twist into the password protection business. It would seem that the proxy handoff to mongrel happens well before any authentication checking, so all my attempts to place Auth directives in a directory section were for naught, but see the simple tip above.
Someone, somewhere suggested the following scheme to solve the above problem.
I mention it here, because it smells like a good rails trick I might want to use
someday for other things entirely.
In short, we have our controller use the method before_filter
to trigger a call to our controller method authenticate. We then have
our authenticate method do this:
authenticate_or_request_with_http_basic { |user,pass| user=="bozo" && pas == "clown" }
Adventures in Computing / tom@mmto.org