Cakephp Password Protection with htaccess and htpasswd - howto?

Question

How can I password protect my website during development with htaccess in Cakephp?

• which htaccess file do I have to change?
• what do I have to write in the htaccess
• where do I put the .htpasswd?

I searched google for that but couldn't find anything useful, I hope you could help me!

---

Thanks Till that helped me solve the problem!

For CakePHP-Users: - Modify the .htaccess in /app/webroot/ - add something like that at the beginning of the .htaccess-file:

AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /complete/path/to/.htpasswd
AuthGroupFile /dev/null 
require valid-user

Now create the .htpasswd-File in /app/webroot/ and drop something like this in:

admin:PASSWORD

The "PASSWORD" is a transformed version of your real password, I created it with this tool: http://tools.dynamicdrive.com/password/

I think there are much more ways to create this, but for me it worked and maybe this helps other cakephp users too.

Answer 1

You probably have a .htaccess in your document root, so you would add to this file since it's the first so to speak -- if you want to protect the entire website. Otherwise add a .htaccess file in the directory you wish to protect.

Then, check out this howto: http://httpd.apache.org/docs/2.2/howto/auth.html

In a nutshell, this is what you add:

AuthType Basic
AuthName "dev"
AuthUserFile /complete/path/to/.htpasswd
Require valid-user

The command to add users is:

htpasswd -c /complete/path/to/.htpasswd yourusername

Make sure you read the above howto anyway!

Answer 2

http://snook.ca/archives/servers/password%5Fprotect%5Fadmin/

The first link has information on using .htaccess security from within cake apps. The comments include a >hackish< workaround on how to do this for only the admin routes.