I recently used Apache 2.0’s HTTP Basic Authentication (via mod_auth_dbm) to restrict access to portions of my website. It’s simple as pie.

Use this block of directives in the directory you want to restrict:

AuthType Basic
AuthName "secret area"
AuthDBMUserFile /home/me/secret_users
AuthDBMGroupFile /home/me/secret_users
AuthDBMAuthoritative on
Require valid-user

Then set up a cute little users database with the “htdbm” tool:

cd /home/me
htdbm -c secret_users me
(enter password)
htdbm secret_users another_user
(enter password)

The main problem: you really can’t “logout” once you use HTTP Basic Authentication to get access to a restricted website. This thread explains why (along with some tomfoolery to hack around it).
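Why there is nothing to log out of, as an added sketch that is not from the original post or from Apache: the server checks the Authorization header from scratch on every request and keeps no session, while the browser caches the credentials and resends them. USERS, handle, Browser and demo are made-up names, and the dictionary is a constructed stand-in for the DBM file.

```python
import base64
import hmac

# Constructed sample store standing in for the DBM file (assumption).
# Plaintext only to keep the sketch short; htdbm stores password hashes.
USERS = {"me": "s3cret"}

def parse_basic(header):
    """Return (user, password) from an Authorization header value, else None."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def handle(headers):
    """Server side: every request is checked from scratch, no session kept."""
    creds = parse_basic(headers.get("Authorization", ""))
    expected = USERS.get(creds[0]) if creds else None
    if expected is None:
        return 401
    ok = hmac.compare_digest(expected.encode(), creds[1].encode())
    return 200 if ok else 401

class Browser:
    """Client side: caches the header after the prompt and resends it."""
    def __init__(self):
        self.cached = None

    def login(self, user, password):
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        self.cached = "Basic " + token

    def get(self):
        headers = {"Authorization": self.cached} if self.cached else {}
        return handle(headers)

def demo():
    b = Browser()
    out = [b.get()]            # no credentials yet
    b.login("me", "s3cret")
    out += [b.get(), b.get()]  # same header resent on each request
    b.cached = None            # only the client forgetting ends access
    out.append(b.get())
    return out
```

The token is only base64, not encryption, so the password crosses the wire in recoverable form on every request unless the site is served over TLS.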
