SUPPORT
 Support
 Shared Web Hosting
 CGI Scripting
 Custom Error Pages
 Password Protection
 E-Mail Services
 PAGE emerge personalised mailshots
 Miscellaneous FAQ
 Outlook Express Setup
SEARCH
{About}
{News}
{Services}
{Solutions}
{Support}
{Contact}
{Search}
Password Protection
  How can I password protect directories in my site?  
In order to password directories on your site, you will need to upload two additional files. The first is named .htaccess and should reside in the directory you want to protect, this file sets all the options related to that directory. The second file is normally called .htpasswd, and contains all the username and password combinations. The one .htaccess file will protect the directory you place it into, and all the directories beneath it as well. The .htaccess file should be created and uploaded as a plain text file, you can use Notepad on Windows to create plain text files. If you are already have a .htaccess file with other directives, such as those for custom error documents, you can add the error document directives before or after the existing configuration data.  
 
Example .htaccess File:  
AuthUserFile /home/example/.htpasswd  
AuthName “Private Area”  
AuthType Basic  
<Limit GET>  
Require User example  
</Limit>  
 
The AuthUserFile directive tells the server where to locate your list of users and their passwords, AuthName sets what the browser displays in the box when it prompts for a username and password. Unless you plan to use digest authentication (beyond the scope of this document), AuthType should be left set as ‘Basic’. The <Limit> section specifies which users can make certain types of requests, for simple password protection <Limit GET> is probably adequate, though <Limit GET POST PUT DELETE> will limit most common request types. The Require User line can take either several usernames separated by a space, or ‘valid-user’ which will allow any users who appear in the .htpasswd file to access the directory.  
 
Example .htpasswd File:  
user1:0rCec4tKQNY8A  
user2:QHUodvuC6RlCE  
 
The usernames appear on the left, separated by a : from the encrypted password which appears on the right hand side.  
 
Example .htgroup File:  
group1: user1 user2 user3  
group2: user6 user1 user4  
 
The .htgroup file is optional, and is activated by including its location in the .htaccess file with the AuthGroupFile directive in much the same way as AuthUserFile. The concept of groups simplifies the administration of a password protected area when you have a larger number of users. The Require directive is used in a similar way with groups as with users, using the example above “Require Group group1” would permit everyone in the group ‘group1’ to access that directory; in this case user1, user2 and user3.  
 
Encrypting the Passwords:  
Password encryption is performed by use of the ‘htpasswd’ utility, which you can use by logging into the system by ssh or telnet. See the question “How do I telnet/SSH to the server?”, for details on how to use telnet/ssh. An example session to create the .htpasswd file with one username, and add a username is included below:  
(Please note that passwords will not appear on the screen)  
 
Connected to web.pagehosting.co.uk.  
login: user  
Password:  
[user@web homedir">   
$ htpasswd -c .htpasswd user1  
Adding password for user1.  
New password:  
Re-type new password:  
[user@web homedir">   
$ htpasswd .htpasswd user2  
Adding user user2  
New password:  
Re-type new password:  
[user@web homedir">   
$  
 
You can also find out the location of your home directory using the command ‘pwd’, this path is used when you specify the location of user and group files.  
 
[user@web homedir">   
$ pwd  
/home/domains/p/pagehosting.co.uk  
[user@web homedir">   
$  
 
 
 

OUT NOW.......  
 
Our latest newsletter. If you would like to receive a copy of our excellent publication which keeps you up to date on our products and services and what is happening in the world of the Internet, please email us from the Contact page and let us know you would like to be added to our mailing list.

 

Hosting services for the discerning customer - see our advert in E-Web magazine  
 
Including.......'Fully managed dedicated server hosting' and 'Server co-location' at our Docklands datacentre, with superfast 100Mb connectivity.  
 
Full security management including updates, SSL and Firewalls.  
 

Tel: 07968 959764     Fax: 01730 231021     E-mail: info@pagehosting.co.uk
The contents and copy on this site unless otherwise documented, are the sole property of Page Hosting Ltd. All Rights are Reserved.
Page Hosting Ltd. Registered in England. No. 4194856.