Apache Friends Support Forum

[Dave_L]

I've added the following to httpd.conf to block web access (password-protect) the directories and files that XAMPP creates, so that only the directories I create are publicly accessible:

Code: Select all

<Directory ~ "C:/xampp/htdocs/(contrib|forbidden|modperl|modperlasp|restricted|xampp)">
AuthName "Restricted"
AuthType Basic
AuthUserFile "C:\xampp\security\xampp.users"
Require valid-user
</Directory>

<Directory "C:/xampp/htdocs">
<Files ~ "apache">
AuthName "Restricted"
AuthType Basic
AuthUserFile "C:\xampp\security\xampp.users"
Require valid-user
</Files>
</Directory>

Is there a simpler way of doing this? Ideally, I'd like to "negate" a regex pattern, so that I can list the directories I've created, and block access to everything else. But I couldn't figure out a way of doing that with the Apache directives.

[ldivinag]

well, first dont use the default HTDOCS and all of the sub dirs under it. that is if you are using xampp for a production server.

create a new one just tell apache where it is.

then create .htaccess for any subdir you wanna protect.

then just copy and paste (and then edit the appropriate values):

AuthName "Restricted"
AuthType Basic
AuthUserFile "C:\xampp\security\xampp.users"
Require valid-user

authname = whatever you wanna name it
authuserfile = create this password file using htpasswd. again, this can be anywhere and any filename. just edit this line CAREFULLY or else it wont find the proper password file to authenticate to...