Controlling access by hostname or IP is great when you want to ensure that only a network or machine you recognize is accessing your site or to block that pesky web spider that rudely ignores your robots.txt file. It is, however, used less often than user-based authentication.
To start the process, we’re first going to create the user database. This database will contain all the usernames and passwords that will be authenticated against; they’re not keyed to any specific directory, so you could use one database for 300 users spread across two dozen directories. To create the database, get into your Terminal and gaze blurry-eyed at the following command:
htpasswd -c /Library/WebServer/.htpasswd morbus
It’s nice and innocent, right?
is the name of the utility that creates
and modifies the user database. The
-c flag says
if this database doesn’t exist, create it.
/Library/WebServer/.htpasswd is the full path to
our database file, and you’ll want to take special
notice that it’s outside Apache’s
document root (which, in OS X, is defined as
/Library/WebServer/Documents). Sticking the file
outside the document root ensures that no one can view this database
from the Web. Finally,
morbus is the user that you
want to add to the database. Here’s sample output
from this command:
htpasswd -c /Library/WebServer/.htpasswd morbusNew password:
********Re-type new password:
********Adding password for user morbus
You’ll want ...