Showing results for 
Search instead for 
Did you mean: 

Securing Apache directory

Alex Lavrov.
Honored Contributor

Securing Apache directory


I have several pages in apache that I want to secure with user and password. Securing it with basic authentication in Apache is not enough.

Can you please suggest a good and relatively not very complicated ways to do it? Also, link to how-to guide will be more than appriciated :)

I don't give a damn for a man that can only spell a word one way. (M. Twain)
Vibhor Kumar Agarwal
Esteemed Contributor

Re: Securing Apache directory

Try the crypt command.
Vibhor Kumar Agarwal
Robert Fritz
Regular Advisor

Re: Securing Apache directory

Note that Unix crypt is a poor encryption scheme.

I'd suggest HTTPS, using client and server side certificate checking vs. basic_auth (which is the native username/password scheme). HTTPS has been done a lot, so there are plenty of examples / libraries out there to help.

Alternatively, if you really want to use user/pass, you could *not* check the client cert (still checking server cert to avoid man-in-the middle), and then use basic auth over HTTPS.
Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin