4.5.3 Access control for directory
If you create an access control file (.htaccess) under a specific directory, you can set access permissions for that directory. Specify a client name (IP address) and a user name for which access is permitted or denied in the access control file.
(1) Access control file
If you create the access control file under a specific directory, you can set the access permissions for that directory. Specify the name of the access control file in the AccessFileName directive. The default name is .htaccess.
Access control from the access control file takes effect without restarting the Web server. However, for it to operate correctly, the AllowOverride directive in httpsd.conf must be set to a level that permits overriding.
If you specify a password file in the access control file, the server prompts the user to enter a user name and password when the user accesses the directory.
Important note
The access control file (.htaccess) and password file (.htpasswd) need not have a one-to-one relationship. You can specify the same password file in the AuthUserFile directive for different access control files.
(2) Example to set the access permission
In a directory configuration such as the one given below, set the access permissions in the access control file for each directory:
Defining access permissions under the auth directory (auth/.htaccess file)
Access from the servers with IP addresses 172.18.102.11 and 172.16.202.4 is denied:

    Order deny,allow                        ...1.
    Deny from 172.18.102.11 172.16.202.4    ...2.

1. First evaluate the access denial definition
2. Define the access denial

Defining access permissions under the test1 directory (test1/.htaccess file)
Allow access to test1/index.html and test1/test12/index.html only when the user enters the user name=user001 and password=test1.

    AuthUserFile C:/user001/public_html/test1/.htpasswd    ...1.
    AuthName "test1 Directory"                             ...2.
    AuthType Basic
    <Limit GET POST>                                       ...3.
    Require user user001                                   ...4.
    </Limit>

1. Define the password file
   The user name and password registered in the password file
   User name: user001, Password: test1
2. Define the realm name
3. Define the method
4. Allow access to user name: user001

Defining access permissions under the test1/test11 directory (test1/test11/.htaccess file)
Allow access to test1/test11/index.html only when the user enters user name=user001 and password=test11.

    AuthUserFile C:/user001/public_html/test1/test11/.htpasswd    ...1.
    AuthName "test11 Directory"                                   ...2.
    AuthType Basic
    <Limit GET POST>                                              ...3.
    Require user user001                                          ...4.
    </Limit>

1. Define the password file
   The user name and password registered in the password file
   User name: user001, Password: test11
2. Define the realm name
3. Define the method
4. Allow access to user name: user001

Defining the access permissions under the test1/test12/test121 directory (test1/test12/test121/.htaccess file)
Allow access to test1/test12/test121/index.html only when the user enters user name=user001, and password=test1, and the Web browser is MSIE.

    Order deny,allow       ...1.
    Allow from env=MSIE    ...2.
    Deny from all          ...3.

1. First evaluate the access denial definition
2. Allow access if Web browser is MSIE
3. Deny access from all hosts

However, define the following directive in httpsd.conf:

    SetEnvIf User-Agent ".*MSIE.*" MSIE

Defining access permissions under the test2 directory (test2/.htaccess file)
Allow access to test2/index.html only when the user enters the user name and password of the mygroup group.

    AuthUserFile C:/user001/public_html/test2/.htpasswd      ...1.
    AuthGroupFile C:/user001/public_html/test2/.groupfile    ...2.
    AuthName "test2 Directory"                               ...3.
    AuthType Basic
    <Limit GET POST>                                         ...4.
    Require group mygroup                                    ...5.
    </Limit>

1. Define the password file
   The user name and password registered in the password file
   User name: user001, password: test21
   User name: user002, password: test22
   User name: user003, password: test23
2. Define the group file
   The group name registered in the group file
   Group name: mygroup
   The user names registered in mygroup: user001, user002, user003
3. Define the realm name
4. Define the method
5. Allow access to the group name: mygroup
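
The evaluation order described for the auth and test1/test12/test121 examples above can be checked with a small model. This Python sketch is an added example, not part of the product documentation: it assumes Order, Allow and Deny follow Apache HTTP Server semantics, models only the host-based rules (not the Basic authentication check), and its function names, client address and User-Agent strings are constructed for illustration.

```python
import ipaddress
import re

# Rules copied from the auth and test121 examples on this page.
AUTH_HTACCESS = """Order deny,allow
Deny from 172.18.102.11 172.16.202.4
"""
TEST121_HTACCESS = """Order deny,allow
Allow from env=MSIE
Deny from all
"""

def request_env(user_agent):
    """Model of: SetEnvIf User-Agent ".*MSIE.*" MSIE"""
    return {"MSIE"} if re.search(r".*MSIE.*", user_agent) else set()

def spec_matches(spec, client_ip, env):
    """True if one argument of 'Allow from' / 'Deny from' matches the request."""
    if spec.lower() == "all":
        return True
    if spec.startswith("env="):
        return spec[4:] in env
    try:
        net = ipaddress.ip_network(spec, strict=False)
        return ipaddress.ip_address(client_ip) in net
    except ValueError:
        return False  # host names and partial addresses are not modelled here

def host_access_allowed(htaccess_text, client_ip, env=frozenset()):
    """Evaluate the Order/Allow/Deny lines of one access control file."""
    order, allow, deny = "deny,allow", [], []
    for line in htaccess_text.splitlines():
        words = line.split()
        if len(words) >= 2 and words[0].lower() == "order":
            order = "".join(words[1:]).lower()
        elif len(words) >= 3 and words[0].lower() in ("allow", "deny") \
                and words[1].lower() == "from":
            (allow if words[0].lower() == "allow" else deny).extend(words[2:])
    allowed = any(spec_matches(s, client_ip, env) for s in allow)
    denied = any(spec_matches(s, client_ip, env) for s in deny)
    if order == "deny,allow":   # Deny first, Allow overrides, default is allow
        return allowed or not denied
    if order == "allow,deny":   # Allow first, Deny overrides, default is deny
        return allowed and not denied
    raise ValueError("Order value not modelled: " + order)

if __name__ == "__main__":
    # 192.0.2.10 and the User-Agent strings are constructed sample values.
    for ua in ("Mozilla/4.0 (compatible; MSIE 6.0)", "OtherBrowser/1.0"):
        print(ua, host_access_allowed(TEST121_HTACCESS, "192.0.2.10", request_env(ua)))
```

Because the MSIE variable is derived from the User-Agent request header, which the client sends, the test121 rule narrows access by browser type; the user name and password check remains the actual access control for that directory.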