1

I am trying to deploy .htpasswd in a more scalable manner.

I have a /parent-directory/ with several .htpasswd protected child directories:

  • /child-directory-1/
  • /child-directory-2/
  • /child-directory-3/
  • /child-directory-4/

At present each child directory contains the following files:

  • .htaccess
  • .htpasswd
  • index.php

and each .htaccess file points to its accompanying .htpasswd file.

E.g.

/parent-directory/child-directory-1/.htaccess:

# PASSWORD PROTECT FILES
AuthType Basic
AuthName "Enter Page 1 Username and Password"
AuthUserFile /my-path/parent-directory/child-directory-1/.htpasswd
Require valid-user

etc.

Having a separate .htaccess for each separate .htpasswd is cumbersome however.

What I'd really like to have is a single .htaccess file in the parent-directory:

/parent-directory/.htaccess

which then contains pointers to each .htpasswd file for each child directory.

Is this possible?

I am messing around with:

<Files "/child-directory-1/">
AuthType Basic
AuthName "Enter your Page 1 Username and Password"
AuthUserFile /my-path/parent-directory/child-directory-1/.htpasswd
Require valid-user
</Files>

<Files "/child-directory-2/">
AuthType Basic
AuthName "Enter your Page 2 Username and Password"
AuthUserFile /my-path/parent-directory/child-directory-2/.htpasswd
Require valid-user
</Files>

and variants, but I cannot get anything to work.

Progress

I have added an .htaccess to the /parent-directory/, enabling me to replace the 4 index.php files (one in each child directory) with a single index.php file in the /parent-directory/.

Here is the .htaccess:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^[^\.]+$ http://%{HTTP_HOST}//parent-directory/
</IfModule>

This enables me to reduce the number of files in each child directory from 3 files:

.htaccess
.htpasswd
index.php

to 2 files:

.htaccess
.htpasswd

But... it still does not enable me to achieve the result I really want, which is ditching the .htaccess file in each child directory.

Community
  • 1
  • 1
Rounin
  • 27,134
  • 9
  • 83
  • 108
  • I've tried `` and `` and `` - but I'm not having any luck with those either. – Rounin Jan 13 '18 at 15:07
  • Everything I am reading suggests that the HTTP Authentication instructions (`AuthType`, `AuthName` etc.) must be in an `.htaccess` file which resides in the folder the HTTP Authentication applies to. – Rounin Jan 13 '18 at 17:13
  • 1
    [By default: **"the directives apply to that directory, and all subdirectories thereof"**](http://httpd.apache.org/docs/current/howto/htaccess.html#what) so per default you just need to set up the parent directory and all child directories are then also protected – caramba Jan 14 '18 at 17:27
  • Thanks, @caramba. But each child directory is no longer protected with its own separate password, right? (In case it wasn't clear - the four separate subdirectories have four separate passwords). – Rounin Jan 14 '18 at 19:27
  • Well in that case I would just add both files `.htaccess` and `.htpasswd` again in every directory. Cause then I would know it works 100% and could move on with all the other stuff I need to solve during one day :) – caramba Jan 14 '18 at 19:54
  • Thanks. Yes, I know that what I have works. :-) The background of my question above is that I am trying to improve it. (If improvement is possible.) – Rounin Jan 14 '18 at 21:36
  • Imagine one day, a few months or years later another developer has to add another username to just one directory. If it's solved like what it works and should work everyone knows how to do it or finds resources on how to do it. Where is improvement if you can't find out how to do it? – caramba Jan 15 '18 at 05:51
  • I need explain this more clearly. Let's say there are 3 sections: Sections 1, 2 and 3 each have their own Password. If I want to add a Section 4 at some point, I'd rather edit a **single file** in the parent directory and add the password to that file (beneath the three existing passwords), then create a new subfolder, open the new subfolder, create a new password file for the new subfolder and save it to the new subfolder. Why have multiple subfolders and multiple files when you could have a single file and no subfolders at all? The latter is much more scalable and much easier to maintain. – Rounin Jan 15 '18 at 13:42
  • Possible duplicate of [Password protect a specific URL](https://stackoverflow.com/questions/14603568/password-protect-a-specific-url) – dave Jan 22 '19 at 00:04

1 Answers1

-1

Just put .htaccess into the folder you want to restrict and type this code

## no access to this folder

# Apache 2.4
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

# Apache 2.2
<IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
</IfModule>
Talib
  • 1
  • 1
  • The child directory may not actually exist on the filesystem. There could be a URL path that is handled by routing rules in such a way that there's no place to put such an htaccess file. If you want to protect a certain URL path that doesn't exist in the file system, this would not work. – dave Jan 22 '19 at 00:00