I've got a path in my domain which needs apache to prompt for a password. I'll be using the .htaccess file to do this, so I can protect or unprotect by adding or removing the file.
I need a place to store the password file created by htpasswd. There are a few requirements.
The apache process can access it to do the authentication. It is outside the document root for better security. It doesn't require changing permissions of plesk created directories. (Optionally) it exists somewhere where the owner of the domain can write to it.
This question assumes Plesk 8.6 and that normal Plesk conventions are followed.
Is there a recommended location?
I usually place it in /etc/httpd/ if it's used by multiple vhosts, if only used by one domain then one dir above the webroot would do as well. You can place it in the webroot as well just make sure there's a rule denying access to files with it's naming convention(usually in place by default):
I placed it in /cgi-bin. It doesnt seem like it would belong there, BUT it satisfies all of your conditions:
The apache process can access it to do the authentication It is outside the document root for better security It doesn't require changing permissions of plesk created directories. It exists somewhere where the owner of the domain can write to it.