Password protect your website using .htaccess
This tutorial covers web-based user authentication using HTAccess. Web-based authentication denies web access to visitors who do not give a valid username and password. This feature allows webmasters to restrict access to certain directories.
Difficulty: Easy to Medium
You will need the following basic skills:
- Ability to access files in your COE user account
- Ability to use a text editor (such as pico, simpletext, or notepad)
- Working knowledge of paths and basic filesystem navigation
The following is an example use of the .htaccess file. Let's assume that it resides at /nfs/stak/u4/z/[username]/public_html/private/.htaccess
The .htaccess file affects the directory in which it is placed, so in this example, any visitor requesting /~username/private/ would be presented with an authentication request.
The .htaccess file also affects directories recursively below it. Therefore, requesting /~username/private/evenmore would yield the same authentication request unless ~zork/private/evenmore had a .htaccess file of its own.
The first line, starting with AuthUserFile, tells the webserver where to find your username/password file. We'll create that file in a minute. For now, change the AuthUserFile line as necessary for your use.
Hot tip: If you'd rather not mess with running programs from the command line, you can generate both your .htaccess and .htpasswd files using the online tool at http://tools.dynamicdrive.com/password/ - you will still need to make sure the permissions are correct as shown in Step 3 below.
Using your favorite text editor, create a file similar to the example, replacing AuthUserFile and AuthName with values for your situation. Be sure to name the file .htaccess.
To create an .htpasswd file, go to the directory you specified in AuthUserFile. In the example, this is /nfs/stak/u4/z/[username]/public_html/private/. Then use the htpasswd program with the -c switch to create your .htpasswd in the current directory. (You have to do this in ssh)
Type htpasswd -c .htpasswd username to create the file and add "username" as the first user. The program will prompt you for a password, then verify by asking again. You will not see the password when entering it here:
In order for this to work both files must be readable by the webserver. Execute the following command in the same directory as the two files:
To add more users in the future, use the same command without the -c switch: htpasswd .htpasswd bob will add username "bob" to your .htpasswd file.
To delete users, open the .htpasswd file in a text editor and delete the appropriate lines:
Date Created: Aug 22, 2003
Last Modified: Wed, Apr 13, 2011 4:52 PM