H2O

the optimized HTTP/1.x, HTTP/2, HTTP/3 server

Powered by Oktavia

Configure > Using Basic Authentication

Starting from version 1.7, H2O comes with a mruby script named htpasswd.rb that implements Basic Authentication. The script provides a Rack handler that implements Basic Authentication using password files generated by the htpasswd command.

Below example uses the mruby script to restrict access to the path. If authentication fails, the mruby handler returns a 401 Unauthorized response. If authentication succeeds, the handler returns a 399 response, and the request is delegated internally to the next handler (i.e. file.dir).

Example. Configuring HTTP authentication using htpasswd.rb
paths:
  "/":
    mruby.handler: |
      require "htpasswd.rb"
      Htpasswd.new("/path/to/.htpasswd", "realm-name")
    file.dir: /path/to/doc_root

In H2O versions prior to 2.0, you should specify "#{$H2O_ROOT}/share/h2o/mruby/htpasswd.rb" as the argument to require, since the directory is not registered as part of $LOAD_PATH.

For convenience, the mruby script also forbids access to files or directories that start with .ht.