Web howtos
Password Protecting Your Web Pages: htaccess
Want to prevent people from viewing the files in a particular web directory?
Here are the steps to secure a web directory (in this example, the
/var/www/html/admin directory, i.e. http://yourip/admin/).
- From an SSH command prompt run: htpasswd -c /etc/apache2/.htpasswd yourusername and
enter the password you want (change the file location to suit). This creates a
.htpasswd file containing a line like:
yourusername:me7asnd1UpLYw
(Don't put the .htpasswd file inside your webroot; if it were ever served, every
user's password hash would be exposed.)
- In Webmin, go to Servers | Apache | Edit Config Files. Look for the AllowOverride
directive under <Directory "/var/www/html"> (not <Directory />).
Change the value from "AllowOverride None" to "AllowOverride
AuthConfig" (or "AllowOverride All" if you want to change other,
non-authorization related options).
- Go to Servers | Apache | Per-Directory Option Files.
- In the Create Options File input, enter the name of the .htaccess file you wish to create,
e.g. /var/www/html/admin/.htaccess
- Go to Access Control. Set an 'Authentication realm name' of 'Admin' (or whatever you want).
Set an Authentication Type of Basic (I tried Digest, but got an error in the apache logs
about "configuration error: couldn't check user. No user file?"). Set
'Restrict access by login' to 'Only these users' and enter a user name (it must match the
username used in the above htpasswd command). For "User text file" enter the
name of an htpasswd file, e.g. /etc/apache2/.htpasswd. Make sure the Default option is not
selected.
- Save your settings, then go back into the Access Control option. Select the Edit Users
link. Add a New User.
Your .htaccess file options will look like this (AuthType Basic, since an htpasswd file
only works with Basic authentication, as noted above):
AuthType Basic
Require valid-user
AuthName "Admin"
AuthUserFile /etc/apache2/.htpasswd
Hit 'Apply Changes' (one of the tabs under the header on the main Apache Webserver page).
Resolving: "/etc/htaccess: order not allowed here" error in the Apache error_log
You may have selected one of the Access Checking Order options (e.g. 'Deny then
allow'). The Order, Allow and Deny directives belong to the Limit override category,
which "AllowOverride AuthConfig" does not include, so you'll need "AllowOverride All"
(cf. AllowOverride AuthConfig) for this option to be valid on your server.
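As an added example (not part of this howto and not Webmin's or Apache's own code), here is a small Python audit script that checks a .htaccess file and the matching <Directory> block for the mistakes the steps above warn about: an AllowOverride without AuthConfig, an AuthUserFile placed inside the webroot, AuthType Digest used with an htpasswd file, and Order/Allow/Deny directives without the Limit override, which is what produces the "order not allowed here" error. The httpd.conf and .htaccess contents are constructed samples embedded in the script; the paths are the ones used in the howto, and the parser is a deliberately simple one that only understands the directives shown here.

```python
"""Audit the Basic-auth setup described in the howto (added example, not the page's code).

Checks a .htaccess against the <Directory> block that governs it and reports
the misconfigurations the howto warns about. Inputs below are constructed samples.
"""
import re

# Constructed stand-in for /etc/apache2/httpd.conf (paths as used in the howto).
HTTPD_CONF = """
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
</Directory>
"""

# Constructed .htaccess that follows the howto correctly.
HTACCESS_OK = """
AuthType Basic
AuthName "Admin"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
"""

# Constructed .htaccess with the three mistakes the howto mentions.
HTACCESS_BAD = """
AuthType Digest
AuthName "Admin"
AuthUserFile /var/www/html/admin/.htpasswd
Require valid-user
Order deny,allow
Deny from all
Allow from 192.168.1.0/24
"""

DIRECTORY_RE = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)
ALLOW_OVERRIDE_RE = re.compile(r'^\s*AllowOverride\s+(.+?)\s*$', re.M | re.I)


def allow_override_for(conf, path):
    """Return the AllowOverride words of the most specific <Directory> covering `path`.

    Apache applies <Directory> sections shortest path first, so the longest
    matching one decides. A block with no AllowOverride falls back to None
    (the 2.4 default; 2.2 defaulted to All)."""
    best = None
    for match in DIRECTORY_RE.finditer(conf):
        dir_path = match.group(1).rstrip('/') or '/'
        prefix = '/' if dir_path == '/' else dir_path + '/'
        if path != dir_path and not path.startswith(prefix):
            continue
        found = ALLOW_OVERRIDE_RE.search(match.group(2))
        value = found.group(1).split() if found else ['None']
        if best is None or len(dir_path) > len(best[0]):
            best = (dir_path, value)
    return best[1] if best else ['None']


def parse_directives(text):
    """Split a .htaccess into (lowercased directive, argument string) pairs."""
    directives = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        name, _, args = line.partition(' ')
        directives.append((name.lower(), args.strip()))
    return directives


def audit(htaccess_text, htaccess_dir, conf, webroot):
    """Return a list of findings; an empty list means the setup matches the howto."""
    findings = []
    directives = parse_directives(htaccess_text)
    names = {name for name, _ in directives}
    overrides = {word.lower() for word in allow_override_for(conf, htaccess_dir)}

    if not overrides & {'all', 'authconfig'}:
        findings.append('AllowOverride lacks AuthConfig: the auth directives will be rejected')
    # Order/Allow/Deny live in the Limit override category, not AuthConfig.
    if names & {'order', 'allow', 'deny'} and not overrides & {'all', 'limit'}:
        findings.append('Order/Allow/Deny need AllowOverride Limit or All: '
                        'expect "order not allowed here" in error_log')
    for name, args in directives:
        if name == 'authtype' and args.lower() != 'basic':
            findings.append(f'AuthType {args}: an htpasswd file only works with AuthType Basic')
        if name == 'authuserfile':
            inside = args == webroot or args.startswith(webroot.rstrip('/') + '/')
            if inside:
                findings.append(f'AuthUserFile {args} sits inside the webroot {webroot}')
    for required in ('authtype', 'authname', 'authuserfile', 'require'):
        if required not in names:
            findings.append(f'missing {required} directive')
    return findings


if __name__ == '__main__':
    for label, text in (('good', HTACCESS_OK), ('bad', HTACCESS_BAD)):
        result = audit(text, '/var/www/html/admin', HTTPD_CONF, '/var/www/html')
        print(label, result or 'OK')
```

Run it as-is to see the good .htaccess pass and the bad one produce three findings; to audit a real server, read the two files from disk and pass the directory that holds the .htaccess as `htaccess_dir`.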