NCS Computer FAQ

Knowledgebase Home Knowledgebase Home
Search the Knowledgebase Browse by Category

[Advanced Search]
How do I password protect my web site?
Would you like to...
Print this page
Email this page
Post a comment
User Opinions
No users have voted.
How would you rate this answer?
Helpful
Not helpful
There are various methods of password protecting your web site. One of the easiest methods is by use of  .htaccess.

Briefly, the .htaccess process requires you create two files. One file, htpassword allows you to store usernames and encrypted password you create. The second file, .htaccess contains server commands that limit access to specific directories for approved users.

If you would like to password protect your entire site, place the .htaccess file in  your public_html directory. If you only wanted to protect the contents of a subdirectory located under public_html you would store the .htaccess file in public_html/subdirectory/. Any additional subdirectories located under publuc_html/subdirectories would also be password protected by the .htaccess. file. As a result public_html/subdirectory/subdirectory_1/ would have restricted access.

Note:

This process does not prevent individuals who have shell access to the server where your account is stored from viewing your files.

Connect to Andromeda/Pegasus

Use SSH to connect to your account. Move to the public_html. by entering

cd public_html

In order to create a subdirectory named private enter

mkdir private

Change the new directory's access permission  by entering

chmod 755 private

Move into the newly created subdirectory

 cd private

The .htaccess file must be stored inside the directory to be protected.

You will need to personalize the example below. You may alter the contents of AuthName field as you wish.They will be displayed to the user and can be used to explain the authentication request.

The AuthUserFile points to the location of the password file. For security purposes its best to keep that file in your home directory

In the example below, a user with a NetID of jane will use a simple unix text editor named pico to create her .htaccess file. Alternatively, she could have used ftp to upload the .htaccess file. After she logs in she uses pwd  to learn the absolute path to her home directory. 
<pegasus> pwd
/pegasus/home/u1/jane

She records that information. It will be used in her 
.htaccess file to specify the location of the .htpasswd 
file. If the .htpasswd were stored in her home directory  
its location be:

/pegasus/home/u1/jane/.htpasswd
Create the .htaccess file

At the system prompt enter:

pico .htaccess (remember to include the dot in the name of the file)

AuthName "Access limited to registered users"
AuthType Basic
AuthUserFile /pegasus/home/u1/jane/.htpasswd
AuthGroupFile /dev/null
<Limit GET>
require valid-user
</Limit>
where

the /pegasus/home/u1/jane/ portion of the above line is replaced with location of your .htpasswd file.

Change the access of .htaccess file  to be world accessible by entering

chmod 644 .htaccess

Creating the .htpassword file

At the system prompt enter:

cd

This will return you to your home directory.
The initial time you use the htpasswd command you must use the -c option to create the password file and add a user name. That would appear as

htpasswd -c ~/.htpasswd initial_username

The command will then prompt you to enter the users password.  For security reasons, the password will not appear when it is being typed.An encrypted form  is added to the htpasswd file.

To add additional user names use the htpasswd command but omit the -c option, e.g.

htpasswd ~/.htpasswd additional_username

You can add as many users as necessary.
Visitor Comments
No visitor comments posted. Post a comment
Related Questions
Attachments
No attachments were found.

Powered by ActiveKB Knowledgebase Software