Password protecting a domain using .htaccess:: lasting 2-3 hours

[say_hello]

hello dear experts,

i am currently trying to achieve password protect a domain and all of it's subdirectories and files, but my knowledge on the matter is very limited, how can I go about doing that?

i want to do this for a wordpress site - in other words:; i want to passwordprotect a site

i guess that this is a simple two step process

In the .htaccess i think i can put

Code: Select all

AuthType Basic
AuthName "restricted area"
AuthUserFile /path/to/the/directory/you/are/protecting/.htpasswd
require valid-user

for the password generation i can use

- the passwordgenerator of python or
- the passwordgenerator of keepass or i also can make
- use of http://www.htaccesstools.com/htpasswd-generator/ or simpliy
- command line to generate password and put it in the .htpasswd



Note 1: i am using winSCP or filezila to put it to the server - btw. should i do more confifguration; e.g. configure in the security section "Password Protect Directories"

then propably we need to do a AllowOverride All to the directory of the .htaccess (or at least to previous ones) in http.conf followed by a apache restart

Code: Select all

<Directory /path/to/the/directory/of/htaccess>
      Options Indexes FollowSymLinks MultiViews
      AllowOverride All
</Directory>

note: what if i want to have this protection in a special way - so that i can

- call the domain
- open the passwordprotected site - and have access to the site for 2 or 3 hours
- is this possible?!


note - generally i have learned that i can passwordprotect a directory served by Apache via a .htaccess file in the directory we want to protect and a .htpasswd file that can be anywhere on our system that the Apache user can access (but put it somewhere sensible and private).


is it a good idea to put .htpasswd in the same folder as .htaccess.

The .htaccess file for the wordpress already exists:


if it would not exixt i should have to create it and insert:

Code: Select all

AuthType Basic
AuthName "Your authorization required message."
AuthUserFile /path/to/.htpasswd
require valid-user

Then we should create a .htpasswd file using whatever username and password we want. And yes: The password should be encrypted.

note: i am on a Linux server, - well here we can use the htpasswd command which will encrypt the password for us.
Here is how that command can be used for this:

Code: Select all

htpasswd -b /path/to/password/file username password
	

the question is: how to achive that: what if i want to have this protection in a special way - so that i can

- call the domain
- open the passwordprotected site - and have access to the site for 2 or 3 hours
- is this possible?!

[Michael-IDA]

the question is: how to achive that: what if i want to have this protection in a special way - so that i can

- call the domain
- open the passwordprotected site - and have access to the site for 2 or 3 hours
- is this possible?!

You sound like you already know how to do everything but the 2 or 3 hour part. For that, try this:

- create a dozen or so different AuthUserFile files
- store them outside the webserver ( Example: ~/AuthUserFiles/{filename} )
- create a bash script to rotate the AuthUserFile file *
- setup a cron job to call the bash script every 2 or 3 hours

That should do it.

Best,
Michael

* This can be done multiple ways, pick whatever you know, even if it’s just having a dozen copies of .htaccess to wholesale replace with. No real need to get fancy here.