| Password Protecting Your Site (HtAccess) |
In order to use this tutorial, you will need the following basic skills:
Ability to telnet or ssh into bway's server
Ability to use a text editor (such as pico or vi)
Working knowledge of paths and basic filesystem navigation
|
Password protecting a web directory
Giving access to more than one user
Adding a user
Deleting a user
Error Messages
|
Password protecting a web directory
Using a program named htaccess, you can password protect your web directories.
-
Create the standard plaintext file called .htaccess in the directory that you want to password protect. It should look like this (the quotes are very important):
AuthUserFile "/path/to/home/directory/password-dir/.htpasswd"
AuthGroupFile "/dev/null"
AuthName "By Password"
AuthType Basic
<Limit GET>
require user username
</Limit>
Then make sure you have one blank line at the bottom of your .htaccess file, otherwise you will get a Malformed Header message.
AuthUserFile:
Change the /path/to/home/directory/password-dir/ to your actual path. (i.e. /home/j/johnsim/html/mystuff/ or /home/yourdomain.com/html/mystuff/)
AuthName:
Change this to whatever you like. It will usually be displayed in the password prompt window.
<Limit GET>
If you want to allow other methods (particularly in CGI directories), you can specify them separated by spaces in the LIMIT directive. For example:
<Limit GET POST PUT>
require user username
</Limit>
Change username to the name of the user that will be accessing your protected web directory.
- Create the password file
At your shell prompt, type:
/usr/bin/htpasswd -c /path/to/home/directory/password-dir/.htpasswd username
Where /path/to/home/directory/password-dir/.htpasswd is the same path you specified in the .htaccess file
username is the user name you put in your .htaccess file.
Now the program will ask you to type in the password twice.
|
Giving access to more than one user
Follow the directions above, except for the following:
- Modify the AuthGroupFile and require lines in the .htaccess file in the directory to look like this:
"AuthUserFile /path/to/home/directory/password-dir/.htpasswd:
"AuthGroupFile /path/to/home/directory/password-dir/.htgroup"
AuthName "By Password"
AuthType Basic
<Limit GET>
require group mygroup
</Limit>
Change the /path/to/home/directory/password-dir/ to your actual path. (i.e. /home/j/johnsim/html/mystuff/ or /home/yourdomain.com/html/mystuff/)
You can change mygroup to anything you'd like
Then make sure you have one blank line at the bottom of your .htaccess file, otherwise you will get a Malformed Header message.
- Create a group file
Create the standard plaintext file called .htgroup and put it in the directory that you specified in the AuthGroupFile line, then enter the following information:
mygroup: username1 username2 username3
Where username is the name of the user you want to add.
- Add users with the following line:
/usr/local/bin/htpasswd /path/to/home/directory/password-dir/.htpasswd username
Change the /path/to/home/directory/password-dir/ to your actual path. (i.e. /home/j/johnsim/html/mystuff/ or /home/yourdomain.com/html/mystuff/)
Change username to the name of the user you would like to add
|
Adding a user
Open the .htpasswd file in a text editor and delete the line that starts with the user's name. The file should look something like this:
username1:v3l0sim6v8mQM
username2:x4DtaLTqsElC2
Then save and close the .htpasswd file.
|
Deleting a User
To have multiple users, you must use a group file. If you haven't already, follow the steps here. If your .htaccess file is already set up for a group, then you just need to type the following at the shell prompt:
/usr/local/bin/htpasswd .htpasswd username
|
If you're getting a Malformed Header error message when I access your protected directory:
There could be several reasons why the server would return an error message to you. The most common are:
- You need to have one blank line at the end of your .htaccess file.
- The .htaccess file has to be in the directory that is is going to password protect.
- If you used a graphical HTML editor to make your web page, then it probably changed some of your code.
Often HTML editors will replace the < and > with < and > so your code is not parsed by the web browser.
You need to change the < and > with < and > in your HTML file and save it again. If your HTML editor won't allow you to do this, then you will need to use a text editor like Notepad or Simpletext.
- Make sure your file matches the code in part 1.
|
|
|
Help Me!