htaccess Password Protection

You can protect a specific directory with the . htaccess file by doing the following:

1. Create a new file called . htpasswd in the same way as we created the . htaccess file above.

2. The . htpasswd file uses the following format for storing username and passwords:
username:password

There must be no spaces on the line before username, either side of the colon or after the password text. If you want several people to have access to the protected space, with each having a different login, you can add as many username/password lines as you wish making sure each one is on a separate line.

username can be any text or name but should not contain any spaces.

password should not be entered as plain text because this file could be viewed.

Use the following link to get an encrypted version of your password: http://www.euronet.nl/~arnow/htpasswd , then use the encrypted version as the password for the username.

To simplify the process, a tool now exists that can create your . htpasswd file entries for you which you can then cut/paste into your own . htpasswd file: http://users.plus.net/htpasswd/

3. Now you need to add this to the . htaccess file. Note: the example given is for the www server, it is different for the CGI server which is explained later:

AuthUserFile /share/isp/plusnet/www/uu/username/htdocs/directory/. htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic

require valid-user

The first line is the full server path to your . htpasswd file and will be different for each webspace (note: the path should be entered on the same line as AuthUserFile). To get your correct path for AuthUserFile just replace uu with the first 2 chars of your username, username with your username and directory with the name of the folder/directory you want to password protect. The . htaccess and . htpasswd files should then be put in directory. Note: if you put the . htaccess and . htpasswd files in the root of your site (htdocs on www server), it will password protect the entire site and ask for a username/password each time someone visits so it is not recommended to protect that one. Just place it in the sub directory you want to protect.

You can replace the EnterPassword text of AuthName with whatever you like, this is what is displayed in the login box when you acces the protected area. If you wish the message to have spaces in it, enter it within quote marks, such as “Enter The Password”.

The above example shows the path to use for your www webspace. To find the path to use for your CGI server webspace do the following:

* use telnet (or similar app) to connect to your cgi server shell e.g. telnet plus.net
* Enter your cgi username & password to the login and password prompts
* At the shell prompt ($) enter pwd followed by the return key. This will show your current working directory which is the root of your cgi webspace.
* Use that information + the name of the directory/folder you want to protect as the path for the AuthUserFile line.

E.g.: /files/homeX/username/secret/. htpasswd where X could be 1, 2 or 3.

Once you have created your . htaccess and . htpasswd files and copied them to the directory/folder you want to protect you should test the folder protection via a browser. Enter the URL to the protected webspace (e.g. for www webspace if you put the files into a directory called protected, it may be something like http://www.username.plus.com/protected ). You should then be presented with a login screen where you must enter your username and password. If it works, entering a valid username/password will give you access to the folder, invalid username/password should not allow access to the folder.

If the above fails, check you have created the . htaccess and . htpasswd files correctly and that you have copied them to the correct place. If you used FTP to copy the files to your webspace (www or cgi) make sure you transfered them as text and they have gone into the correct folder. Or ftp them as htaccess . txt and htpasswd . txt and rename them to . htaccess and . htpasswd.

Original Post

ads
Get our hottest stories to your inbox.
Check your inbox for a confirmation email.

Have something to add to this story? Share it in the comments.

Have something to add to this story? Share it in the comments.

Leave a Reply

Your email address will not be published.