2007/7/22, Thomas Anderson andersonthomas@gmail.com:
I added a .htaccess file too, just in case. The reason I didn't want to use a .htaccess solution in the first place was because the password I intended to use was quite short and it seems as if apache does not "take a timeout" after a few failed attempts. That would make it possible to bruteforce my password quite quickly since I can download at 1 MiBps.
I increased the password length to > 20 chars as a workaround.
You don't need a password at all; you can just use the .htaccess file to restrict connections based on IP addresses. Something like
Order allow,deny Allow from 127.0.0.1
should probably work (although I should note I have little experience with Apache).