Windows – How do I easily password protect a site in Apache/Windows

apache-2.2 password windows

I have a website I'm hosting in Apache (on Windows), and I'd like to protect it so that anyone going in needs to enter a password. This is not meant to be a fortress of security, I know this sucks, but it's better than nothing, and I don't want to go through any of the alternatives that'll make it more secure (they're truly not worth it for this).

What I'd like is for the typical HTTP authentication dialog to pop up asking the visitor for a password. Everyone will have the same password. In fact, if I can have the username be blank, that'd be ideal. If not, everyone will have the same username.

Could you let me know how I can do this? All tutorials I've found were for more advanced use cases, where the actual users/passwords of the machine were used.
Is it possible to just set this to a hardcoded password in a file? Or do I need to create a Windows user?

Best Answer

Google for:

Apache htpasswd basic auth


Steps:

  1. Create the htpasswd file. This file can be called anything, and should be outside your DocumentRoot. Use the htpasswd utility for this:

    touch /etc/http.passwd
    htpasswd /etc/http.passwd jsilverman
    New password: 
    Re-type new password: 
    Adding password for user jsilverman
    
  2. Add the following to your Apache config, in either (a) your main apache2.conf (more centralized, arguably more manageable) or (b) an .htaccess file in the protected dir (easier, more direct, no Apache restart required):

    AuthType Basic
    AuthName "Password Protected Area"
    AuthUserFile /etc/http.passwd
    Require user jsilverman
    
  3. Reload Apache if you did (a), otherwise you are done.


If this happens: htpasswd: command not found

You may need to install apache2-utils or a similar package.


However, I don't really think you searched very hard. There is nothing if not 10s of thousands of examples of this process on the WWW, dating back to the mid '90s. But I'm feeling chatty, so you got a real answer instead of a smartass RTFM. But really, RTFM -- the Apache web server is one of the best documented pieces of open source software, period.

Update: Wow, you really didn't search very well. I just did an "I feel lucky" Google search for "password protect website" and got basically this answer.
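A check a defender might run after following the steps above (an added example, not part of the original answer): it confirms the `AuthUserFile` is outside `DocumentRoot`, as step 1 advises, and flags htpasswd entries stored as unsalted SHA-1, DES crypt or plaintext. The Windows paths, the extra user names and the hash strings are constructed placeholders.

```python
import ntpath
import re

# Hash formats htpasswd can write. The flag marks the weak ones:
# unsalted SHA-1 and DES crypt (8-character limit); plaintext is the fallback.
SCHEMES = [
    (re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$"), "bcrypt", False),
    (re.compile(r"^\$apr1\$[^$]{1,8}\$[./A-Za-z0-9]{22}$"), "apr1-md5", False),
    (re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$"), "sha1-unsalted", True),
    (re.compile(r"^[./A-Za-z0-9]{13}$"), "crypt-des", True),
]

def classify(hash_field):
    """Return (scheme, weak) for the part after 'user:' in an htpasswd line."""
    for pattern, name, weak in SCHEMES:
        if pattern.match(hash_field):
            return name, weak
    return "plaintext-or-unknown", True

def inside_docroot(auth_user_file, document_root):
    """Windows-style, case-insensitive path check; ntpath works on any OS."""
    f = ntpath.normcase(ntpath.normpath(auth_user_file))
    root = ntpath.normcase(ntpath.normpath(document_root)).rstrip("\\")
    return f == root or f.startswith(root + "\\")

def audit(htpasswd_text, auth_user_file, document_root):
    """List (subject, problem) pairs for the file location and each weak entry."""
    findings = []
    if inside_docroot(auth_user_file, document_root):
        findings.append(("AuthUserFile", "inside DocumentRoot"))
    for line in htpasswd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, hash_field = line.partition(":")
        scheme, weak = classify(hash_field)
        if weak:
            findings.append((user, scheme))
    return findings

# Constructed sample: placeholder strings shaped like each format, not real hashes.
SAMPLE = "\n".join([
    "jsilverman:$apr1$saltsalt$" + "A" * 22,
    "bob:{SHA}" + "A" * 27 + "=",
    "carol:hunter2",
])

if __name__ == "__main__":
    # Hypothetical Windows paths, chosen for illustration.
    print(audit(SAMPLE, r"C:\Apache2\htdocs\site\.htpasswd", "C:/Apache2/htdocs"))
    print(audit(SAMPLE, r"C:\Apache2\conf\site.htpasswd", "C:/Apache2/htdocs"))
```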