How To Password Protect A Directory on a Unix Server.
On a Unix server you need three things to password-protect a directory:

1) a .htaccess file, which goes in the directory you want to protect.
2) a directory which is not web-visible.
3) a .htpasswd file which goes in the directory which is not web visible.

Files 1) and 3) are simple text files WITHOUT an extension.

The .htaccess file can be a simple text file which you rename as '.htaccess' without the .txt extension. It should contain ONLY the following text:

    AuthUserFile /complete/path/to/directory/containing/passwordfile/.htpasswd

(Leave a blank line after the last /Limit tag above).

Use the command 'pwd' to find out the path to any file or directory on your virtual server, e.g.

    pwd passworddirectory

Change /complete/path/to/directory/containing/password/ above to the full path on your server to the .htpasswd file. You can then upload it in ascii mode to the directory you want to protect. The dot in front of the name makes it invisible to snoopers who aren't logged on with the proper permissions, such as people browsing the web.

You may change 'SomeNameXyz' to whatever word(s) you want your customers to see when they are asked to input their username and password. Leave it as it is and make sure it works before fiddling with it.

The .htpasswd file should be in a directory which is not web visible - make a directory in your root directory. For further security give this directory a name which is unlikely to attract the attentions of hackers.

The .htpasswd file is one you create on the server with this command:

    htpasswd -c /relative/path/to/directory/containing/password/.htpasswd cakes

You will then be asked for the password that will go with the username 'cakes'. Type 'teacup' or whatever you want. A file named .htpasswd is created with the encrypted password for the username 'cakes' in it. Remove the -c in the command if you want to add more usernames.

Use combinations of numbers and letters, and upper and lower case letters, to make your password harder to crack e.g.

    username: USerNam3
    password: 1pAssW0rD

Use the chmod command to change the permissions on the two files:

    chmod 604 .htaccess
    chmod 604 .htpasswd

...in a telnet session, in their respective directories.
That's about it. If you have any problems, use a search engine to find tutorials on this subject, as there are loads of pages on the web about it. Not all are correct, or leave things out (mine included, probably!).
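An added example, not part of the original page: a shell function that writes the .htaccess for the procedure above and refuses to continue when the password directory resolves to a location inside the web root. The function names, the argument order and the directives other than AuthUserFile (standard Apache basic-auth directives) are assumptions.

```shell
#!/bin/sh
# Added example (not the page's own code). All paths, the realm text and the
# function names are assumptions for illustration.

# Resolve a directory to its absolute physical path (the page's 'pwd' step),
# so symlinks and relative paths cannot hide where it really lives.
abs_dir() {
    ( cd -- "$1" >/dev/null 2>&1 && pwd -P )
}

# write_htaccess DOCROOT PROTECTED_DIR PASSWD_DIR REALM
# Returns 0 on success, 1 if a directory does not exist, and 2 if
# PASSWD_DIR lies inside DOCROOT and would therefore be web-visible.
write_htaccess() {
    docroot=$(abs_dir "$1") || return 1
    protected=$(abs_dir "$2") || return 1
    passdir=$(abs_dir "$3") || return 1
    realm=$4

    # Reject a password directory at or below the web root.
    case "$passdir/" in
        "$docroot"/*) return 2 ;;
    esac

    # AuthUserFile takes the complete path, as the page requires.
    # AuthType, AuthName and Require are assumed standard directives.
    # The file ends with a blank line, as the page asks.
    cat > "$protected/.htaccess" <<EOF
AuthType Basic
AuthName "$realm"
AuthUserFile $passdir/.htpasswd
Require valid-user

EOF
    # Permissions as given on the page.
    chmod 604 "$protected/.htaccess"
}

# Afterwards, create the password file with the page's command, e.g.
#   htpasswd -c "$passdir/.htpasswd" cakes
```

A return code of 2 means the chosen password directory is served by the web server and another location should be picked before running htpasswd.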
Addendum: A .htaccess file has other useful features. It can be used to deny particular domains access to your site, and let everyone else in, so to speak. Here is the example. [This is the only text that should be in the file]:

    <Limit GET>
    </Limit>

(You separate the IP numbers or domains you want to deny access to by a space only)

.htaccess files can also be used to stop people 'hot linking' to images on your site, to redirect surfers to another page, or to run cgi scripts automatically. See my Horatio Content Protection Script for more detailed information. If you're the mean type, you'll have a lot of fun! See also here.