Using mod_auth_mysql to protect files via a database

The most common way to password-protect files and directories is by using our control panel to protect entire directories.

However, we also have the mod_auth_mysql Apache module installed, which lets you protect your files with user names and passwords that are stored in a MySQL database.

Please note that using this module is only recommended for advanced users. Unfortunately, we may not be able to provide assistance if you have certain configuration problems.

Basic Usage

1. Create a security database

Create a MySQL database which you will use to hold the user names and passwords. Add username and password columns to a table in the database.

If you are using software which already comes with a security database, then you do not need to create a new database.

2. Add lines to a .htaccess file

Add the following lines to a .htaccess file in the directory that you want to protect:

AuthBasicAuthoritative Off
AuthUserFile /dev/null
Auth_MYSQL on
Auth_MySQL_Authoritative on

Auth_MySQL_DB <your mysql database>
Auth_MySQL_Username <the mysql database username>
Auth_MySQL_Password <the mysql database password>
Auth_MySQL_Password_Table <the table containing the authentication data>
Auth_MySQL_Username_Field <the field containing the username>
Auth_MySQL_Password_Field <the field containing your password>

Auth_MySQL_Empty_Passwords off
Auth_MySQL_Encryption_Types Plaintext Crypt_DES

AuthName "<Your description>"
AuthType Basic
require valid-user

Be sure to edit the values above as appropriate. For instance, you need to specify the database login details and the location of your authentication data.

3. Generating encrypted passwords

If you are installing a program or script written by someone else, then you won't need to generate your own encrypted passwords and can skip this section. However, if you are writing your own script, and intend to encrypt the passwords, then the following information may be useful.

The mod_auth_mysql module works with "plain text" passwords and with passwords created using the standard "DES-based encryption", which uses a two-character salt (you don't need to specify which type you are using; it will test both until it finds a match). The following PHP support page explains how you can use the crypt function to generate these passwords:

http://uk3.php.net/crypt

So, if your password was simply "password", you could use this simple script to generate the encrypted form for you, which you would then need to enter into your database:

<?php

// Hash 'password' with the DES-based crypt; 'pa' is the two-character salt.
$var = crypt('password', 'pa');
echo "$var\n";

?>

It would generate the following encrypted password:

papAq5PwY/QQM
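
The following added example is not from the original page: it generates a DES-based hash with a random two-character salt for each user instead of a fixed one, and checks a login attempt against the stored value. The function names are hypothetical and the sample passwords are constructed.

```php
<?php
// Added example (not from the original page): DES-based crypt hashing with a
// random per-user salt, plus verification. Function names are hypothetical.

// The 64 characters that are valid in a DES crypt salt.
const SALT_ALPHABET = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// Build a two-character salt using a cryptographically secure random source.
function make_des_salt(): string
{
    $salt = '';
    for ($i = 0; $i < 2; $i++) {
        $salt .= SALT_ALPHABET[random_int(0, 63)];
    }
    return $salt;
}

// Return the 13-character value (2 salt + 11 hash characters) to store.
function hash_for_mod_auth_mysql(string $password): string
{
    $hash = crypt($password, make_des_salt());
    if (strlen($hash) !== 13) {
        // crypt() returns a short failure string when it cannot hash.
        throw new RuntimeException('DES-based crypt failed or is unavailable');
    }
    return $hash;
}

// Re-hash the candidate with the stored salt (the first two characters of
// the stored value) and compare in constant time.
function verify_des_crypt(string $candidate, string $stored): bool
{
    return hash_equals($stored, crypt($candidate, substr($stored, 0, 2)));
}

// Constructed sample passwords.
$stored = hash_for_mod_auth_mysql('correct horse');
echo $stored, "\n";
var_dump(verify_des_crypt('correct horse', $stored));
var_dump(verify_des_crypt('wrong guess', $stored));

// DES-based crypt only uses the first eight characters of the password, so a
// different password sharing those eight characters also verifies.
var_dump(verify_des_crypt('correct trombone', $stored));
```

Store the returned 13-character string in the column named by Auth_MySQL_Password_Field.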

Additional Information

There are many conflicting Web pages describing how to use different versions of mod_auth_mysql and different usage scenarios. Some instructions tell you to configure mod_auth_mysql with entries in the apache2.conf or httpd.conf file. You cannot edit these files on our servers (due to security restrictions). Instead, you should be able to put the necessary entries into a .htaccess file as discussed in step 2 above.