The following is a practical guide to securing our website-based application using .htaccess:
- Reconfigure your web server; this tutorial uses the Apache web server
# vi /etc/httpd/conf/httpd.conf
<Directory "/var/www/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
# Secure access to the folder
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
# Enable .htaccess (keep a single AllowOverride line in this section;
# a later one would replace it and .htaccess would be ignored)
AllowOverride All
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
- Create a .htaccess file and place it in your website's directory
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/mysqlweb/public_html/.htpasswd
AuthGroupFile /dev/null
require valid-user
- Create the .htpasswd file; you can use an online htpasswd generator such as http://aspirine.org/htpasswd_en.html or http://htpasswdgenerator.net/, among others:
#admin PasswordAdminWebsite
admin:$apr1$2aUZu.iI$jpny/50c8lP6vA4FrBtRl/
Hope this is useful..