1.1) How do I
protect a directory in my website with a password?
This can be accomplished with the use of ".htaccess" and ".htpasswd"
files.
Remember from the guide that files
that begin with a period are hidden files.
First: Decide where to store your password file. For security reasons,
this should be out of your "www" folder, because everything
in your "www" folder is accessable from the web. One good idea
would be making a folder in your home directory in which to keep secure
files. You can do this with these commands from the command prompt:
------- Code Sample 1
------------
netmar> cd ~
netmar> mkdir safedir
netmar> chown username safedir [replace
'username' with your username]
netmar> chgrp adm safedir
netmar> chmod 750 safedir |
Next, you will create the
username and password combo that can access the directory that you would
like to protect. To do this, we will use the htpasswd command.
------- Code Sample 2
-----------
netmar> htpasswd -c ~/safedir/.htpasswd webuser
password: [enter
password here, case sensitive]
password (again): [enter
password here, again]
------- end
Code Sample 2 ------ |
-----Expert
Tip-----
If you want to add additional username-password pairs to the password
file, just leave out the -c
option in the command htpasswd
-c. The
-c means "create". |
Once you have set up the password
file, you will want to create the access file. This file must be named
".htaccess" and be in the directory to which you want to restrict
access. Your ".htaccess" file should look like this:
------- Code Sample 3
------------
AuthUserFile /path/to/your/safedir/.htpasswd
AuthName "Restricted Area - Login Required"
AuthType Basic
<Limit GET PUT POST>
Require valid-user
</Limit>
----- End Code Sample
3 ---------- |
That's it. Once your .htpasswd
and .htaccess files are set up, your directory should be restricted immediately. |
