Wacky Apache password configuration

2009 January 12
tags: , , , ,
by John DeStefano

How to accommodate odd (and non-best-practice) requests for Apache authentication.

Note that I am not advocating doing any of this; I’m just saying that it’s possible and documenting how it can be done.

Authenticate users with an Apache password but no username.

No need to tell me that this isn’t a good idea.  I know.  But I had to do it nonetheless.

  1. Create the new password for the user “” (empty user).  If you already have an existing password file: 
    htpasswd -b [/path/to/your/password/file] "" [your-password]

    Otherwise, create a new password file:

    htpasswd -c [/path/to/your/password/file] "" [your-password]

    In either case, replace the values [in brackets] with your own.  The system should return a confirmation message:

    Adding password for user
  2. Then edit either your main httpd.conf file, a virtual host configuration file, or a new .htpasswd file in the directory to be protected, with the following additions: 
        <Directory "[/path/to/your/protected/directory]">
        Order allow,deny
        Allow from all
        AuthType Basic
        AuthName "[your description here]"
        AuthUserFile [/path/to/your/password/file]
        require valid-user
    </Directory>
  3. Save the configuration file, restart Apache (apachectl graceful), and test your protected URL to ensure that you can log into the location with no user name but with your desired password (for whatever your reason may be).

Authenticate a directory with spaces in its path

Again, no need to tell me anything.  I already know what OS, office application, etc., that these people are using to generate their web content.  It’s not pretty.

Fortunately, this one’s a bit more straightforward.  One might assume that hex encoding [%20] or an escape character is necessary to declare such a path.  However counter-intuitive it may seem, that isn’t the case.

Follow the directions above, and in the Directory path directive, include the path to the protected directory, with all it’s glorious spaces included, without any encoding or escapes:

    <Directory "[/path/to your/protected directory/with spaces]">

That’s it.  Apache will do the rest.

from → Web

No comments yet

Leave a Reply

Note: You can use basic XHTML in your comments. Your email address will never be published.

Subscribe to this comment feed via RSS