Security – Where should I put the htpasswd file in a Plesk domain for use with .htaccess

Tags: .htaccess, apache-2.2, htpasswd, security

I've got a path in my domain which needs Apache to prompt for a password. I'll be using the .htaccess file to do this, so I can protect or unprotect by adding or removing the file.

I need a place to store the password file created by htpasswd. There are a few requirements.

- The Apache process can access it to do the authentication.
- It is outside the document root for better security.
- It doesn't require changing permissions of Plesk-created directories.
- (Optionally) it exists somewhere where the owner of the domain can write to it.

This question assumes Plesk 8.6 and that normal Plesk conventions are followed.

Is there a recommended location?

Best Answer

I usually place it in /etc/httpd/ if it's used by multiple vhosts; if it's only used by one domain, then one dir above the webroot would do as well. You can place it in the webroot as well; just make sure there's a rule denying access to files with its naming convention (usually in place by default):

<Files ~ "^\.ht">
  Order allow,deny
  Deny from all
</Files>
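
To check a deployment against the placement advice above, the following shell script (an added example, not part of the original question or answer) reads the AuthUserFile directives from a .htaccess file and reports whether each password file sits inside or outside the document root. The function names are hypothetical, and it assumes password-file paths without spaces.

```shell
#!/usr/bin/env bash
# Added example: audit where the password files named in a .htaccess live.
# Usage (paths are placeholders): bash this_script /path/to/.htaccess /path/to/docroot

# Print every AuthUserFile path in a .htaccess, ignoring commented-out lines.
auth_user_files() {
    awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2 }' "$1"
}

# Classify one absolute path: missing | inside-docroot | outside-docroot.
# Directory symlinks and ".." components are resolved before comparing, so a
# path that merely looks like it leaves the document root is not trusted.
classify_authfile() {
    local file="$1" docroot="$2" real_file real_root
    [ -e "$file" ] || { echo "missing"; return 0; }
    real_root=$(cd "$docroot" && pwd -P) || return 1
    real_file=$(cd "$(dirname "$file")" && pwd -P)/$(basename "$file")
    case "$real_file" in
        "$real_root"/*) echo "inside-docroot" ;;
        *)              echo "outside-docroot" ;;
    esac
}

# Report one line per AuthUserFile directive: "<status> <path>".
# Apache resolves a relative AuthUserFile against ServerRoot, which this
# script does not know, so such entries are only flagged for manual review.
check_htaccess() {
    local htaccess="$1" docroot="$2" f
    auth_user_files "$htaccess" | while IFS= read -r f; do
        case "$f" in
            /*) printf '%s %s\n' "$(classify_authfile "$f" "$docroot")" "$f" ;;
            *)  printf 'relative-to-serverroot %s\n' "$f" ;;
        esac
    done
}

# Run as a command when given both arguments; otherwise only define functions.
if [ "$#" -eq 2 ]; then
    check_htaccess "$1" "$2"
fi
```

An `inside-docroot` result means the file is only protected by the `<Files ~ "^\.ht">` rule shown above, and only if its name starts with `.ht`.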