BigNoseBird.Com- Small Logo
The 508 compliant Guide to 
       Big Nose Bird
Site Search Engine

Controlling Access to Your Pages With .htaccess

It is possible there are parts of your site which you would prefer that not just anyone have access to. The NSCA and APACHE servers provide a system that you can use to control access to certain directories on your website. You might have a family photo album on line that you want only your family to see. No matter what your little secret is, I will show you how to help keep private things a little more private.

I am sure that in your surfing around on the 'Net you have every once in a while run into:

password request
not a real screen!

This is not JAVA or CGI-BIN, but something that is very easy to implement- even for a newer web author. The .htaccess feature of your server is activated simply by placing a small file in the directory you want to protect. Guess what the file is called? Yes, you're correct! .htaccess

Before taking you through the steps of setting up this protection scheme, please take a moment to look at some things you should know.

  • Nothing in life is truly secure. There may be holes in this system.

  • The user name and password are transmitted as plain, readable text, they are not encrypted.

  • If a user knows about subdirectories under the protected directory- security can be breached if the subdirectories are not also protected.

  • If you plan on giving passwords to people, keep in mind that it is an extra maintainence function for you to perform.

  • To setup .htaccess you must be able to access your server using telnet, this cannot be done using FTP. If you do not have telnet access to your site, check your provider's FAQ or reference pages to see if they have a script you can use for setting passwords.

Setting up an .htaccess Protected Directory

Installing the .htaccess involves a few steps. The most important thing is to make sure you do not install the .htaccess file in your main web directory. If you do, everyone will be locked out of your website. Unless this is what you want to do, make sure you create the directory and are located in it before creating the file.
  • Step 1: See where you are. At your prompt enter the command pwd to see what directory you are in. If you already have made your new directory and are in it- go to Step 3.

  • Step 2: issue the command mkdir dirname where dirname is what you want to call the directory you will be protecting. Then enter the command cd dirname

  • Step 3: Using an editor such as vi or pico, create a file called .htaccess (lower case letters of course- with the leading period) that looks just like this:
AuthUserFile /usr/www/dirname/.htpasswd
AuthGroupFile /dev/null
AuthName "The Secret Page"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>
  • Step 4: Change the AuthUserFile so that the UNIX PATH matches that of your system. This is where the password file that we will create in a moment will reside.

  • Step 5: Change The Secret Page to be whatever title you want to have appear on the password box.

  • Step 6: To create the password file, issue the following command: (NOTE: you only do it this way to create a new file)
htpasswd -c .htpasswd user_name (where user_name is a name)
If you get a message like, htpasswd: not found enter the command type htpasswd. If that doesn't do the trick, try which httpd. If htpasswd is not in your path, you will have to add that directory to your path or enter the command as /what/ever/dir/htpasswd -c .htpasswd user_name
  • Step 7: The system will ask you to enter the password for this user. It will then ask you a second time to confirm your typing.

  • Step 8: Continue to add new users, but with this version of the command. The -c option is only for the initial creation of the file.
htpasswd .htpasswd new_name

That is all there is to it! If you experience any unexpected problems, or you change your mind about restricting access, just issue the command:

rm .htaccess




Find or Give Help on the BBS
 
Home Top E-Mail
If it looks great, it's by Christine
Some Fine Print
© 1997-2003 BigNoseBird.Com®, Inc. All rights reserved. All other trademarks are the sole property of their respective owners. The products that we recommend are only ones that we use. We have no relationship with any of the authors or their companies. We cannot assume responsibility for their ultimate performance or lack of same. We also cannot assume responsibility for either any programs provided here, or for any advice that is given since we have no control over what happens after our code or words leave this site. Always use prudent judgment in implementing any program- and always make a backup first! For further information, please read our Privacy Statement. We can be contacted at webmaster@bignosebird.com.


<reallybig.com>
Web Builder Network Portal
Advertise
on the
Reallybig.com
Network
BigNoseBird Newsletter
Subscribe
Un-Subscribe


Sign up today to receive our low volume newsletter. Tips, tricks, news, and whatever else crosses our minds.
Back Issues
Privacy Statement