Tuesday, July 7, 2009

.htaccess: an easy tutorial for password protection

This tutorial shows how to password-protect web directories on a UNIX/Linux server. If you have a directory that you do not want the general public to have access to, this simple procedure will produce a username and password prompt anytime someone tries to access the directory.
You'll need:
  • the ability to telnet or SSH into your web server (ask your ISP for access)
  • an understanding of your web server's paths

Now let's set up .htaccess:
1. Set up the .htaccess file:
  • First we must create what is known as the .htaccess authentication file. This file is the key to controlling who has access to the files in the directory and what types of operations they are allowed to perform within the directory. This tutorial will restrict who is able to view (GET) files from the directory and upload (POST) files into the directory. For more elaborate security measures, check out Apache's web site.
  • Open your favorite editor (on Windows®, Notepad works well) or telnet into your web server and use a Unix editor like vi.
  • Using the text below as a guideline, create a text file, where /var/www/html/private/ is the absolute path of the directory where you would like to store your authentication usernames/passwords and My Private Directory is the name you would like for the authentication window.

AuthUserFile /var/www/html/private/.htpasswd
AuthGroupFile /dev/null
AuthName "My Private Directory"
AuthType Basic

require valid-user

Note: the absolute path to the .htpasswd file is very important. If you are unsure about this path, ask your hosting provider, or telnet into the server and, from the directory where you want to keep your usernames/passwords, type pwd at the shell prompt.

  • Save this file as .htaccess.
  • The .htaccess file needs to be placed inside the directory you would like protected. If the file was created on your local workstation, ftp the file into the directory you want protected. If a Unix editor like vi was used, use the mv command to move the file to the required directory.
2. Configuration of the .htpasswd file:
  • Second, we must create the .htpasswd file. This file contains the usernames and passwords of the individuals whom we authorize to access our directory and its subdirectories.
  • In order to create this file you must telnet into your server.
  • Using the cd command, go to the directory you specified for your AuthUserFile (in this example, we specified /var/www/html/private/).
  • Type htpasswd -c .htpasswd username to create the .htpasswd file and add "username" to the list of authorized users. The program will initially prompt you for a password and then ask you to verify it.
  • To add new users, use the same command without the -c switch. For example, to add the user foo, type htpasswd .htpasswd foo.
  • To delete users, open the .htpasswd file using your favorite Unix editor, like vi, and delete the row(s) associated with the specific user(s) that you want to remove.
That's it. To test it:
Open your browser and type the URL and path to the directory where you placed the .htaccess file. For example, if you placed the .htaccess file in a subdirectory called private that is contained within your web directory, then you would type . If you were successful, you should get a dialog box prompting you for a username and password.
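As an added example (not part of the original tutorial), the following Python code checks the two files produced in steps 1 and 2: that the .htaccess carries the directives shown above with an absolute AuthUserFile path (Apache resolves a relative one against ServerRoot), and that each .htpasswd row uses a hash format htpasswd can write that is not the 8-character-limited crypt() or unsalted SHA-1 form. The function names are illustrative, and the file contents and hash strings are constructed samples.

```python
import re

# Constructed sample input: the tutorial's example values plus made-up, hash-shaped strings.
HTACCESS = """AuthUserFile /var/www/html/private/.htpasswd
AuthGroupFile /dev/null
AuthName "My Private Directory"
AuthType Basic

require valid-user
"""
HTPASSWD = "username:$apr1$Cons7ruc$abcdefghijklmnopqrstu.\nfoo:rqXexS6ZhobKA\n"
PREFIXES = (("$apr1$", "apr1-md5"), ("$2y$", "bcrypt"), ("{SHA}", "sha1-unsalted"))

def parse_htaccess(text):
    """Map each directive name (lower-cased) to its argument string."""
    directives = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith(("#", "<")):
            directives[parts[0].lower()] = parts[1].strip('"') if len(parts) > 1 else ""
    return directives

def hash_scheme(field):
    """Classify a hash field; a bare 13-character field is traditional crypt()."""
    for prefix, name in PREFIXES:
        if field.startswith(prefix):
            return name
    return "crypt-des" if re.fullmatch(r"[./0-9A-Za-z]{13}", field) else "unknown"

def audit(htaccess, htpasswd):
    """Return a list of findings for the .htaccess/.htpasswd pair."""
    d, findings, seen = parse_htaccess(htaccess), [], set()
    for name in ("authtype", "authname", "authuserfile", "require"):
        if name not in d:
            findings.append(f"missing directive: {name}")
    if "authuserfile" in d and not d["authuserfile"].startswith("/"):
        findings.append("AuthUserFile is not an absolute path")
    for line in (l for l in htpasswd.splitlines() if l.strip() and not l.startswith("#")):
        user, _, field = line.partition(":")
        if user in seen:
            findings.append(f"duplicate user: {user}")
        seen.add(user)
        scheme = hash_scheme(field)
        if scheme not in ("apr1-md5", "bcrypt"):
            findings.append(f"{user}: weak or unrecognised hash ({scheme})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(HTACCESS, HTPASSWD)) or "no findings")
```

To check real files, pass their contents to audit() in place of the constructed samples.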
