Wacky Apache password configuration

How to accommodate odd (and non-best-practice) requests for Apache authentication.

Note that I am not advocating doing any of this; I’m just saying that it’s possible and documenting how it can be done.

Authenticate users with an Apache password but no username.

No need to tell me that this isn’t a good idea.  I know.  But I had to do it nonetheless.

  1. Create the new password for the user “” (empty user).  If you already have an existing password file:
    htpasswd -b [/path/to/your/password/file] "" [your-password]

    Otherwise, create a new password file:

    htpasswd -c [/path/to/your/password/file] "" [your-password]

    In either case, replace the values [in brackets] with your own.  The system should return a confirmation message:

    Adding password for user
  2. Then edit either your main httpd.conf file, a virtual host configuration file, or a new .htpasswd file in the directory to be protected, with the following additions:
        <Directory "[/path/to/your/protected/directory]">
            Order allow,deny
            Allow from all
            AuthType Basic
            AuthName "[your description here]"
            AuthUserFile [/path/to/your/password/file]
            require valid-user
  3. Save the configuration file, restart Apache (apachectl graceful), and test your protected URL to ensure that you can log into the location with no user name but with your desired password (for whatever your reason may be).

Authenticate a directory with spaces in its path

Again, no need to tell me anything.  I already know what OS, office application, etc., that these people are using to generate their web content.  It’s not pretty.

Fortunately, this one’s a bit more straightforward.  One might assume that hex encoding [%20] or an escape character is necessary to declare such a path.  However counter-intuitive it may seem, that isn’t the case.

Follow the directions above, and in the Directory path directive, include the path to the protected directory, with all it’s glorious spaces included, without any encoding or escapes:

    <Directory "[/path/to your/protected directory/with spaces]">

That’s it.  Apache will do the rest.


2 thoughts on “Wacky Apache password configuration

  1. Hi John, I tried your steps for Apache authentication without username and it does`nt work. I running this on Linux. It prompts for the username, which i dont want to do.. I just need password protected configuration. Thanks. Bib

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s