Password protect your website using .htaccess

This tutorial covers web-based user authentication using .htaccess files. Web-based authentication denies web access to visitors who do not give a valid username and password. This feature allows webmasters to restrict access to certain directories.

Difficulty: Easy to Medium

You will need the following basic skills: 

  • Ability to access files in your COE user account
  • Ability to use a text editor (such as pico, simpletext, or notepad)
  • Working knowledge of paths and basic filesystem navigation

The following is an example use of the .htaccess file. Let's assume that it resides at /nfs/stak/u4/z/[username]/public_html/private/.htaccess:

AuthUserFile /nfs/stak/u4/z/[username]/public_html/private/.htpasswd
AuthName "Secret Stuff"
AuthType Basic

require valid-user   

The .htaccess file affects the directory in which it is placed, so in this example, any visitor requesting /~username/private/ would be presented with an authentication request.

The .htaccess file also affects directories recursively below it. Therefore, requesting /~username/private/evenmore would yield the same authentication request unless /~username/private/evenmore had a .htaccess file of its own.

The first line, starting with AuthUserFile, tells the webserver where to find your username/password file. We'll create that file in a minute. For now, change the AuthUserFile line as necessary for your use.

Hot tip: If you'd rather not mess with running programs from the command line, you can generate both your .htaccess and .htpasswd files using the online tool at http://tools.dynamicdrive.com/password/ - you will still need to make sure the permissions are correct as shown in Step 3 below.

Step 1:
Using your favorite text editor, create a file similar to the example, replacing AuthUserFile and AuthName with values for your situation. Be sure to name the file .htaccess.

Step 2:
To create an .htpasswd file, go to the directory you specified in AuthUserFile. In the example, this is /nfs/stak/u4/z/[username]/public_html/private/. Then use the htpasswd program with the -c switch to create your .htpasswd in the current directory. (You have to do this over ssh.)

Type htpasswd -c .htpasswd username to create the file and add "username" as the first user. The program will prompt you for a password, then verify by asking again. You will not see the password when entering it here:

flop 3% htpasswd -c .mypasswds tacodog
Adding password for user tacodog
New password: type password
Re-type new password: re-type password

Step 3:
For this to work, both files must be readable by the webserver. Execute the following command in the same directory as the two files:

flop 3% chmod o+r .htaccess .htpasswd

To add more users in the future, use the same command without the -c switch: htpasswd .htpasswd bob will add username "bob" to your .htpasswd file.

To delete users, open the .htpasswd file in a text editor and delete the appropriate lines:

username:v3l0KWx6v8mQM

bob:x4DtaLTqsElC2
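
A check you can run after Step 3, added here as an example (it is not part of the original tutorial): it confirms that AuthUserFile points at a real file, that both files are readable by the webserver but not writable by everyone, and it names the hash scheme of each .htpasswd entry. The function names are made up for this example, the sample files are constructed from the entries shown above, and it assumes an absolute AuthUserFile path with no spaces.

```shell
#!/bin/sh
# Added example (not the tutorial's code); assumes an absolute AuthUserFile path.

# Name the hash scheme of one .htpasswd entry from its prefix or length.
hash_scheme() {
    case "$1" in
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
        '$apr1$'*)               echo apr1-md5 ;;
        '{SHA}'*)                echo sha1-unsalted ;;
        ?????????????)           echo des-crypt ;;  # 13 chars, like the entries above
        *)                       echo unknown ;;
    esac
}

# Returns 0 if clean, 1 on a finding, 2 if the setup itself is broken.
audit_htaccess() {
    ht="$1/.htaccess"; rc=0
    [ -r "$ht" ] || { echo "FAIL: cannot read $ht"; return 2; }
    pw=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$ht")
    [ -n "$pw" ] && [ -f "$pw" ] || { echo "FAIL: AuthUserFile '$pw' not found"; return 2; }
    for f in "$ht" "$pw"; do
        other=$(ls -ld "$f" | cut -c8-10)        # permission bits for "other"
        case "$other" in r*) ;; *) echo "FAIL: $f not world-readable (Step 3)"; rc=1 ;; esac
        case "$other" in ?w?) echo "FAIL: $f is world-writable"; rc=1 ;; esac
    done
    # Apache's documentation describes crypt() and unsalted SHA-1 hashes as insecure.
    while IFS=: read -r user hash rest || [ -n "$user" ]; do
        [ -n "$user" ] || continue
        scheme=$(hash_scheme "$hash")
        case "$scheme" in
            des-crypt|sha1-unsalted) echo "WEAK: $user uses $scheme"; rc=1 ;;
            *)                       echo "ok:   $user uses $scheme" ;;
        esac
    done < "$pw"
    return $rc
}

# Constructed sample: the example .htaccess and the two .htpasswd entries above.
demo_audit() {
    d=$(mktemp -d) || return 2
    printf 'AuthUserFile %s/.htpasswd\nAuthName "Secret Stuff"\nAuthType Basic\nrequire valid-user\n' "$d" > "$d/.htaccess"
    printf 'username:v3l0KWx6v8mQM\nbob:x4DtaLTqsElC2\n' > "$d/.htpasswd"
    chmod 644 "$d/.htaccess" "$d/.htpasswd"
    status=0; audit_htaccess "$d" || status=$?
    rm -rf "$d"
    return $status
}

if [ "${1:-}" = "--demo" ]; then demo_audit; fi
```

To check your own setup, call audit_htaccess with the directory that holds your .htaccess. Users flagged WEAK can be re-added with htpasswd's -B switch (bcrypt) where your version of htpasswd supports it.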

Article Information:

Date Created: Aug 22, 2003
Last Modified: Wed, Apr 13, 2011 4:52 PM