Skip to main content
knackforge blog knowledge base

Enabling HTTP authentication for private Drupal site

At KnackForge we try to follow best practices in all our development processes. The list includes protecting development and stage sites from unauthorized access and search engines. HTTP authentication has been the simple and prime option of our choice. The steps involved in this process is fairly minimal and depends on apache's .htaccess file. Thus needs no restart to the web server.

 

[[{"type":"media","view_mode":"media_original","fid":"93","attributes":{"alt":"","class":"media-image","typeof":"foaf:Image"}}]]

 

Step 1 : Create passwd file

# htpasswd -c /etc/apache2/passwd/drupal7 sivaji

New password: 
Re-type new password: 
Adding password for user sivaji
 
command htpasswd manages the password in a flat file. The arguments /etc/apache2/passwd/drupal7 and sivaji represents the password file path and username respectively.  Change the above to match your requirements. For convenience I chose the default Apache configuration path and name could be any valid string that you wish to use at the time of authentication. Issuing the above command will prompt to enter the password and the same will be used at the time of authentication.

 

Step 2 : Changing file path (optional but recommended)

# chmod 644 /etc/apache2/passwd/drupal7

 

Step 3 : Add config to Drupal's .htaccess

Add the below config lines to the end of .htaccess file. 

AuthType Basic
AuthName "Drupal 7 protected site authentication required."
AuthUserFile /etc/apache2/passwd/drupal7
Require user sivaji