Full Text:
This tutorial assumes the following,
1. The web server your site is running on is Apache.
2. .htaccess is configured in
Apache's configuration file to work in your directories.
If you are unsure you should ask your server administrator.
When a directory or set of directories are set up to require authorization properly, a text box asking the user
for a username and password should appear. Once a username is entered, this information is set to the server to be verified using
the current configuration. We will only explain one of the simplest ways to authorize users using the Apache web server. That way is
flat text files. Apache also provides several database options as well as custom external options, but we will not go into those here.
The first step to protecting a directory is to create the .htaccess file. Use your favorite text editor, (Notepad, Wordpad) and
start with a blank file.
The first configuration option we want to set is the type of authentication we want to use. We will use Basic, so enter the following as the first line:
AuthType Basic
Next we will want to set the label for the directory that will be protected.
This label will be shown in the pop up box that asks for a username and password. It is usually used to
let the reader know more information about the area they about ot enter. Type this as follows:
AuthName "Members Only"
Where "Members Only" is the label you want displayed. Quotes are important id the label is going to be more than one word.
The next item we want to enter is the configuration variable that will tell us what username:password file we want to use
to authenticate the users, usually known an a .htpasswd file. This file is maintained in your website control panel (At least for the users
on our servers).
The following must be entered for this line:
AuthUserFile /home/http/conf/htaccess/.htpasswd_yourdomainname
Where /home/http/conf/htaccess/.htpasswd_yourdomainname is the full path to your username/password file. A path is the string of directories
from the first directory of the server, not to be confused with a url. Note: even though the passwords
in this file are crypted, it is not a good idea to place this file in a place that it can be accessed via a web browser.
The last line we need to add is very simple and requires no changing. It tells the server that we are looking
to authenticate the user before allowing them access. Enter this line as follows:
require valid-user
The entire file you just created should look something like the following:
AuthType Basic
AuthName "Members Only"
AuthUserFile /home/http/conf/htaccess/.htpasswd_yourdomainname
require valid-user
Ok now save this file as .htaccess and upload it to your server into the directory you want to be password protected.
Test out your handy work by calling the directory you placed the .htaccess file in via you favorite web browser, and you
should be prompted for a username and password. All sub directories of the protected directory are also protected, and
you will only need to enter the username/password combo once per browser session, so if you reload it may not look
like the directory is being protected, but it is...
|
|
| |
