How easy to protect folder in your Apache web server with htaccess file.
In this demo I will show you how to protect your phpMyAdmin folder – in the previous video we installed it to control our MySQL server and now we will protect it with username and password which the web server will ask for it.
Create an .htaccess File
Now that we have enabled .htaccess use for our application, we need to create one to actually implement some security.
In order for this to be successful, the file must be created within the application directory. We can create the necessary file and open it in our text editor with root privileges by typing:
sudo nano /usr/share/phpmyadmin/.htaccess
Within this file, we need to enter the following information:
AuthType Basic
AuthName “Restricted Files”
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
Let’s go over what each of these lines mean:
AuthType Basic: This line specifies the authentication type that we are implementing. This type will implement password authentication using a password file.
AuthName: This sets the message for the authentication dialog box. You should keep this generic so that unauthorized users won’t gain any information about what is being protected.
AuthUserFile: This sets the location of the password file that will be used for authentication. This should be outside of the directories that are being served. We will create this file shortly.
Require valid-user: This specifies that only authenticated users should be given access to this resource. This is what actually stops unauthorized users from entering.
When you are finished, save and close the file.
Create the .htpasswd file for Authentication
Now that we have specified a location for our password file through the use of the AuthUserFile directive within our .htaccess file, we need to create this file.
We actually need an additional package to complete this process. We can install it from our default repositories:
sudo apt-get install apache2-utils
Afterward, we will have the htpasswd utility available.
The location that we selected for the password file was “/etc/phpmyadmin/.htpasswd”. Let’s create this file and pass it an initial user by typing:
sudo htpasswd -c /etc/phpmyadmin/.htpasswd username
You will be prompted to select and confirm a password for the user you are creating. Afterwards, the file is created with the hashed password that you entered.
If you want to enter an additional user, you need to do so without the -c flag, like this:
sudo htpasswd /etc/phpmyadmin/.htpasswd additionaluser
Now, when you access your phpMyAdmin subdirectory, you will be prompted for the additional account name and password that you just configured:
http://domain_name_or_IP/phpmyadmin
We need to add the configuration to our web/domain configuration file (000-default.conf )
in this case the 000-default is my primary domain (i’ve use mutlple domains)
Find and edit file via SSH or FTP:
sudo nano /etc/apache2/sites-available/000-default.conf
Then add following configuration to the file :
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
AllowOverride All
</Directory>
Save , restart apache
sudo service apache2 restart
