This is for guys who want to understand how protecting directories works in XAMPP, in the simplest way!
As I tried many, many ways and read a lot, I wanted to share with you a very easy and short way to use .htaccess protection with XAMPP for Windows.
First, you need to understand the process:
1- Whenever you request a file on the server, Apache checks for a file called .htaccess in the folders on the path to the file you are requesting:
Example: if you request: http://yourdomain/folder1/folder2/filename.html
Apache first reads the global httpd.conf file and applies its directives; AFTER THAT, it checks folder1 and then folder2 to see whether a ".htaccess" file exists there
2- The ".htaccess" file needs to be in that folder, or in any folder above it
Example: if a .htaccess file exists in folder1, Apache will read all the settings from it, regardless of what is in httpd.conf (global settings)
- if another .htaccess also exists in folder2, its settings apply to folder2 ONLY and to any folder inside it
3- What is .htaccess?
Simply put, it is a file that tells Apache where your username(s) and password(s) are located!
Example of what is inside a .htaccess file:
Code:
AuthType Basic
AuthName "NOT ALLOWED TO ACCESS FROM EVERYBODY"
AuthUserFile C:\\xampp\\security\\folder1passwords.txt
Require valid-user
4- Now, as you can see, .htaccess only says where the password file is located, so you also need that password file, which here is called "folder1passwords.txt"
The best location to store it is somewhere that can't be accessed via the web, like c:\xampp\security (thanks Sharley, you are the best)
- This is how your "folder1passwords.txt" file should look inside:
Code:
user1:$apr1$z00gp/..$H4bYagczvliyfJoau34SP/
NOTE: user1 is the username, and the part after the colon is the password, stored as an MD5-based hash (Apache's $apr1$ format) rather than in plain text
If you need more than one username and password, add another line to your "folder1passwords.txt" file
- Each line represents a new username with its hashed password
5- You can include any other directives in your ".htaccess" - but there should be only one ".htaccess" file in each folder!
Example: enable folder indexing:
Code:
Options +Indexes
Example: disable folder indexing:
Code:
Options -Indexes
Remember: these settings are set globally in httpd.conf, but when you add them to the .htaccess file in a folder they override the global settings and apply to that folder and all folders inside it...
Second, use this to make the work even easier
- To get rid of the dot in front of the ".htaccess" file name and be able to create new files in Windows (Windows doesn't allow creating such a file name), we are going to change it:
1- XAMPP sets the ".htaccess" file name in "httpd-default.conf", located -by default- in: C:\XAMPP\apache\conf\extra
Open it using Notepad (since we are in stupid Windows environment) - locate:
Code:
AccessFileName .htaccess
- change it to
Code:
AccessFileName myhtcontrol.txt
- Or any other name ending with txt - to open it directly with Notepad (the only nice software in Windows)
- Restart Apache (important) to apply the new global settings
2- Now, use this very easy tool (tested and working with XAMPP) to create our myhtcontrol.txt
http://www.htaccesstools.com/htaccess-authentication/
- The first field is the message displayed to whoever accesses the folder from the web, for example: "this is not allowed"
- In the second field, put the full path of your password file, as explained above
- I recommend making a new password file for each protected folder... this will make it easier to delete it later if you want to disable access for that user...
3- Create your password file on the same handy website using the other tool: htpasswd generator
http://www.htaccesstools.com/htpasswd-generator/
- It will give you the username and the hashed password; copy them and paste them into your file: "folder1passwords.txt"
- Done. Place your folder1passwords.txt in the security folder as explained above, and try accessing the folder via http
- It should ask you to enter a username and password.
In short: Apache accesses the folder for you, and if it finds the file named in httpd-default.conf, it starts reading it
- If the access file (myhtcontrol.txt) contains the path to a password file, Apache checks it and prompts the user to enter login info
- Once the user enters login info, Apache checks it against the hashed password file and displays what it is supposed to display if the password was OK
- If the password was not correct, it returns an error
Even shorter: Apache > folder containing access file > access file path > checking password file > return error or display content.
Where:
- Access file path is: ".htaccess", or "myhtcontrol.txt" if you changed it via "httpd-default.conf"
- Password file is the hashed one in your xampp\security folder, as said above
NOTE: Apache protects everything starting with .ht from being downloaded via http, so users cannot find out where your password file is actually stored on the server... So, if you changed the ".htaccess" file name as explained in this tutorial, you need to add the following code to the global httpd.conf settings file to stop users from accessing your access file - you also need to check it by trying to download the file from the server.... this is important.. if you can download it, that is not good
This is what the main httpd.conf says:
Code:
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
You will need to add to your global httpd.conf (the main one, not the default one - usually click on admin in xampp control panel beta 3 and select httpd.conf)
(c:\xampp\apache\conf\httpd.conf)
Add a block for your own file name; based on the above example:
Code:
<FilesMatch "^myhtcontrol\.txt$">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
NOTE: There are many other way(s) to add/edit the ".htaccess" files and the password files; this is just what I found to be the easiest and simplest one, and I hope it will make it easier for beginners who are looking for such information.
Thanks Sharely, thanks Altrea
Good luck
Mike
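
Added example (not part of the original post): a small Python audit of the two things the tutorial asks you to verify, that every AuthUserFile target sits outside the web root and that a renamed access file is covered by a deny-all <FilesMatch> block. The function names, finding labels, directory layout and config strings are constructed for this demo; only absolute AuthUserFile paths are handled.

```python
import os
import re
import tempfile

FILESMATCH = re.compile(r'<FilesMatch\s+"([^"]+)">(.*?)</FilesMatch>', re.S | re.I)
DENY = re.compile(r'Deny\s+from\s+all|Require\s+all\s+denied', re.I)
AUTHFILE = re.compile(r'^\s*AuthUserFile\s+"?([^"\r\n]+?)"?\s*$', re.I | re.M)

def canon(path):
    return os.path.normcase(os.path.realpath(path))

def audit(docroot, access_name, httpd_conf_text):
    """Return (finding, detail) tuples for the setup the tutorial describes."""
    findings, root = [], canon(docroot)
    # Check 1: the access file name must match a deny-all <FilesMatch> block.
    covered = any(DENY.search(body) and re.search(pattern, access_name)
                  for pattern, body in FILESMATCH.findall(httpd_conf_text))
    if not covered:
        findings.append(("access-file-not-denied", access_name))
    # Check 2: every AuthUserFile target must sit outside the document root.
    for dirpath, _dirs, files in os.walk(root):
        if access_name not in files:
            continue
        with open(os.path.join(dirpath, access_name), encoding="utf-8") as fh:
            for target in AUTHFILE.findall(fh.read()):
                pw = canon(target)
                if pw.startswith(root + os.sep):
                    findings.append(("password-file-in-docroot", pw))
    return findings

def build_sample(access_name="myhtcontrol.txt"):
    """Constructed layout: folder1 is misconfigured, folder2 follows the tutorial."""
    base = tempfile.mkdtemp()
    docroot, security = os.path.join(base, "htdocs"), os.path.join(base, "security")
    targets = {"folder1": os.path.join(docroot, "folder1", "folder1passwords.txt"),
               "folder2": os.path.join(security, "folder2passwords.txt")}
    os.makedirs(security)
    for folder, pw in targets.items():
        os.makedirs(os.path.join(docroot, folder))
        with open(os.path.join(docroot, folder, access_name), "w", encoding="utf-8") as fh:
            fh.write('AuthType Basic\nAuthUserFile "%s"\nRequire valid-user\n' % pw)
    return docroot

STOCK_CONF = '<FilesMatch "^\\.ht">\nOrder allow,deny\nDeny from all\n</FilesMatch>\n'
FIXED_CONF = STOCK_CONF + (
    '<FilesMatch "^myhtcontrol\\.txt$">\nOrder allow,deny\nDeny from all\n</FilesMatch>\n')

if __name__ == "__main__":
    for finding in audit(build_sample(), "myhtcontrol.txt", STOCK_CONF):
        print(finding)
```

Point `audit()` at your real htdocs folder and the text of your httpd.conf to run the same checks; an actual download attempt over http, as the tutorial says, is still the final test.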