|
Password
protecting pages with HTaccess
What is
HTAccess?
HTAccess is
a NCSA-compatible way to use password-protection on HTML documents
and server directories. The interface prompts the user thru the
browser for a password, if HTAccess is attached to the directory
tree containing the HTML page requested.
How do I
reference it on my server?
First off,
HTAccess is already built into your domain manager's file manager
system, enabling you to password-protect ANY directory on your
web site, quickly and easily. Because of this capability, there
is no need for you to know any of the further information we
have made available for standard htaccess protection of your
directories. The Domain Manager does the work FOR YOU!
This information
is being made available if you require custom htaccess configuration,
such as user groups, multi-level access, etc, since these must
be set-up using Telnet. Any directory on our server containing
a .HTACCESS file automatically calls the server, searches for
the password files/groups, and prompts the user for access. Everything
is the same as the NCSA
instructions.
Where do
I start?
After reading
the faq, linked above, you should have no problems. You may use
the sample setup below to help contruct the proper configuration.
Keep in mind- a common question is "do I really name these
things .htaccess, .htgroup, and .htpasswd ? Yes, this is the
Unix method of hiding file names from somewhat prying-eyes. Name
the files this, set your tree structure the same way, and you
should have no problems.
Let's assume
your configuration is as follows:
a.) Your home
directory is:
/www/htdocs/global
b.) You want to password protect the following directory:
/www/htdocs/global/secret
c.) Your password will be located in the directory:
/home/global
Steps to password protect the 'secret' directory:
1.) Create the file named .htaccess in the "/www/htdocs/global/secret"
directory.
You can use pico or vi to do this. (For more info on these tools
check out
our Telnet Help). If you want to give
access to 'joe' and 'bob' the file
(.htaccess) should like like this:
--------------------------Begin----------------------------------
AuthUserFile /usr/home/global/.htpassword
AuthGroupFile /dev/null
AuthName Admin Control Login
Authtype Basic
(limit get put post)
require user joe bob
(/limit)
-------------------------End-------------------------------------
NOTE!
When typing out your .htaccess file, replace the parentheses,
"(" and ")"
in the code above with the "<" and ">"
characters the same as used in html tags.
We changed them to parentheses on this example so you would be
able to see
how the tags should be written on the web. --
The first line is the FULL PATH to your directories password
file.
The .htpassword file holds the user name and an encrypted password
that you assign later.
Okay, so far you have created the following files and directories:
/www/htdocs/global/secret <--- directory to be protected
/usr/www/htdocs/global/secret/.htaccess <---.htaccess config
file
/home/global/.htpassword <---directory holding password file(s)
2.) Now you must assign your user names (biff and chip) a password.
Assume you will give user name 'biff' the password 'itsme' and
user
name 'chip' the password 'mocha'
NOTE*: In order to assign passwords to these user names,
you must
have a telnet account. NO TELNET, NO PASSWORDS.
a) Logon to your telnet account and go to /home/global/:
cd /home/global
[enter]
b) Enter this command to create your password file:
htpasswd -c .htpassword username
In our example:
htpasswd -c .htpassword joe [enter]
The server will then respond:
Adding user joe New password: itsme Re-type password: itsme
And now the user 'joe' is added to the file. Now to add 'bob'
to the file:
htpasswd .htpassword bob
[enter]
The server will then say:
Adding user bob
New password: mocha
Re-type password: mocha
And That's
It! You're done! |
