This page describes the process of getting Apache to protect a directory using digest authentication.
Using digest authentication, your password is never sent across the network in the clear, but is always transmitted as an MD5 digest of the user’s password. In this way, the password cannot be determined by sniffing network traffic. This is good for when your web clients are not using SSL.
Digest authentication is implemented by the module mod_auth_digest. Please have that loaded in the httpd.conf
Protecting a Location or Directory
Put the following in the Location or Directory tag…
AuthType Digest AuthName Protected # You can use the htdigest program to create the password database: # the -c parameter overwrites a file if it exists. Remove it to append. # htdigest -c "/usr/local/user.passwd" Protected myUser AuthUserFile "/usr/local/user.passwd" AuthDigestProvider file require user myUser myUser2 myUser3
Note: You must protect the user file from unauthorized users.