Apache
  Home arrow Apache arrow Page 3 - Securing Directories With htaccess
Dev Articles Forums 
ADO.NET  
Apache  
ASP  
ASP.NET  
C#  
C++  
ColdFusion  
COM/COM+  
Delphi-Kylix  
Design Usability  
Development Cycles  
DHTML  
Embedded Tools  
Flash  
Graphic Design  
HTML  
IIS  
Interviews  
Java  
JavaScript  
MySQL  
Oracle  
Photoshop  
PHP  
Reviews  
Ruby-on-Rails  
SQL  
SQL Server  
Style Sheets  
VB.Net  
Visual Basic  
Web Authoring  
Web Services  
Web Standards  
XML  
Mobile Linux 
App Generation ROI 
IBM® developerWorks 
Sun Developer Network 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
APACHE

Securing Directories With htaccess
By: Hassan Syed
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 4 stars4 stars4 stars4 stars4 stars / 3
    2001-12-03

    Table of Contents:
  • Securing Directories With htaccess
  • The .htaccess file explained
  • The .htpasswd file explained
  • Conclusion
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
    ADVERTISEMENT

    Securing Directories With htaccess - The .htpasswd file explained
    (Page 3 of 4 )

    The .htpasswd file is even simpler that the .htaccess file, and can contain just one line. It consists of a number of name/value pairs, which represent username/password combinations. Each username/password combination is separated by a carriage return. They are used by Apache to determine whether or not a user trying to gain authentication actually exists and is valid.

    Before we create our .htpasswd file, you should upload the .htaccess file (which we created earlier) to the directory on your web server which you want to protect.

    If you are running windows 98 or above, then you can simply click on Start -> Run -> “ftp” (without the quotes). This will launch the Microsoft FTP app. To login and upload our .htaccess file to the /www/htdocs/secure directory, we would enter the following commands at the FTP prompt (Each command is separated by a carriage return):

    C:\>ftp

    C:\>open mysite.com

    C:\>[Username]

    C:\>[Password]

    C:\>cd /www/htdocs/secure

    C:\>put c:\security\.htaccess

    C:\>bye

    To create the .htpasswd file, we will connect to our web server using telnet. If you are running windows, click on Start -> Run -> “telnet” (without the quotes). Type in “open myserver.com” (replace myserver.com with the domain name of your server) to connect to your server. Enter your username and password. You should be at the Unix prompt.

    You will need to change into the directory where you uploaded your .htaccess file to. Use the “cd” (change directory) command to do this. In our example, we would change to the /www/htdocs/secure directory, like this:

    cd /www/htdocs/secure

    Next, we need to run the htpasswd program. This is a simple program that takes three arguments:

    htpasswd [options] [.htpasswd file] [new user name]

    For the first arguement, we specify “-c”. This tells the htpasswd file that we are creating a new user. For the second argument, we specify “/www/htdocs/secure/.htpasswd” (or the complete virtual path and filename of our .htpasswd file). For the last argument, we specify the name of the user we are creating. We will create a new user named fred. So, the command to add a new user named fred would look like this:

    htpasswd –c /www/htdocs/secure/.htpasswd fred

    Enter the command, as shown shown above (replacing the path to the .htpasswd file as needed). You will then be asked to enter a password for the new user, fred. Enter “flinstone”, as shown below:

    Adding a user fred, using htpasswd

    That’s all we need to secure our directory! We can make sure our authentication works by opening up a new browser window and entering http://www.yourserver.com/secure (replace www.yourserver.com with the domain name of your server). You should be greeted with an authentication dialog box:

    The authentication dialog

    Enter username “fred”, and password “flinstone”. Click OK and you will be granted access to the /secure directory. If you enter an incorrect username/password combination three or more times, you are denied access, as shown below:

    The invalid user screen

    Next: Conclusion >>
     

    More Apache Articles
    More By Hassan Syed


     
    >>> Be the FIRST to comment on this article!

    APACHE ARTICLES

    - Programmatically Manipulating Microsoft Exce...
    - Installing PHP under Windows
    - Compressing Web Content with mod_gzip and mo...
    - Compressing Web Output Using mod_deflate and...
    - Setting Up Apache 2.0.45 to Parse PHP Pages
    - Custom Error 404 Documents with PHP
    - Using Apache and PHP on Mac OS X
    - ASP: Active Sessions, Active Logins and Tota...
    - Working With Oracle on Windows: Part 1
    - The Quick-n-Dirty Guide to Setting Up Apache...
    - Installing Apache With SSL: The Complete Gui...
    - 7 Powerful .htaccess Customization Tips
    - Trap And Get Notified: A Practical Solution ...
    - One Way To Use Server Side Includes
    - Using ForceType For Nicer Page URLs
    Find More Apache Articles





    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 3 hosted by Hostway
    Stay green...Green IT