Can I password protect my directories using a .htaccess file?
Yes, if your site is on a UNIX platform, you may password protect any directory within your website using the .htaccess file. This process does require you to create two files - one of which requires a UNIX command to generate. Though you may create these files on another Linux server and then import the files to your account, it does help to have telnet access to your Weaccount so that you can easily issue commands and create the files on the Weserver using the emacs, pico or vi editors. Telnet access is available in the Basic, Enhanced and Advanced plans.
Step 1 - creating the .htaccess file
The principle behind creating a password protected directory for your site is simply to create a file named .htaccess in the directory that you would like to protect. The server will recognize any file named .htaccess as one that will password protect browser access to the directory in which the file is located. (You are also able to restrict access to only certain IP addresses and commands such as "get". Please see the reference links we provide below for further details.) Please see the followng steps for instructions on how to create the .htaccess file.
- Telnet to web2.burlee.com and login with your username and password.
- Either create a directory that you would like to password protect (mkdir directoryname) or use the cd command to enter the existing directory that you would like to password protect.
- Once you are in the directory you would like to protect, create the .htaccess file by simply using an editor of your choice. In our example, we like pico, so that command is:
- This will bring you to the edit screen where you should paste in the following text:
AuthName "The Name of Your Password Protected Area"
Require user "username"
Require user "username2"
Require user "username3"
(and so on...)
The text in red represents changes that you will need to make to customize the .htaccess file for your specific domain and password protected directory. You will notice that you may name your password protected area in line 3. Line 5 is where you specify usernames that are able to access the directory, and you may add as many usernames as you wish by typing "Require user username" on separate lines
Line 1 represents the path to the password file that holds a list of the username and passwords that are authorized to access the protected directory. You will need to create this password file in the next step, and the users you list on the .htaccess file must match the users you list on the password file.
Step 2 - creating the password file
While the .htaccess file provides a list of the authorized users to your protected directory, you will also need to create a file that holds the username and password information to authenticate these users. For the sake of simplicity, the password file should be named .htpasswd and placed in the same directory as the .htaccess file. (The password file can actually be named anything you want and can be stored in any directory, however we will use the above protocol as an example.)
- In this example, we have placed the password file in the same directory as the .htaccess file. Note in the .htaccess file there is a call to the password file:
If you choose to place your password file in a directory other than the protected one, make sure to specify the location in the path of the .htaccess file. For the purposes of this example, we have placed the password file, .htpasswd, in the same directory as the .htaccess file.
- Use the following command in the directory that you specify in the .htaccess file to create the password file:
htpasswd -c .htpasswd username
The command to create/edit an Aache web server password file is htpasswd, the -c flag indicates a request to create a new password file, in this case named .htpasswd, and the text in red represents the username for which you would like to create a password.
- After you type this command, you should be prompted to enter and verify the password for the username.
- As long as the username you create in the password file matches the one specified in the .htaccess file, you are all set and should be able to gain access to your password protected area with the username and password combination. Try the following address to test your handiwork:
If you are able to login using the username and password specified above, then you are all set! If you are not able to login, please review the instructions above and check out the tutorials listed below.
- To add additional users to the .htpasswd file, simply go to the directory in which the password file is located and type the command:
htpasswd .htpasswd newuser
The UNIX command is htpasswd. It is followed by the name of the password file (in our example .htpaswd) and the text in red is the new user that you wish to create. Remember that the .htaccess and .htpasswd file work together, so don't forget to add the new username to the .htaccess file as well!
We hope this information helps! There are also CGI scripts that you may use to perform password protection - some make use of the .htaccess file.