Home arrow Apache arrow Page 4 - 7 Powerful .htaccess Customization Tips

7 Powerful .htaccess Customization Tips

Turn your web site into the ultimate stealth machine using Steve's 7 powerful .htaccess customization tips, which he reveals in this article.

Author Info:
By: Steve Adcock
Rating: 5 stars5 stars5 stars5 stars5 stars / 13
November 28, 2002
  1. · 7 Powerful .htaccess Customization Tips
  2. · .htaccess Naming Conventions and File Creation
  3. · Modifying Directory Indexes
  4. · Password Protection
  5. · Conclusion

print this article

7 Powerful .htaccess Customization Tips - Password Protection
(Page 4 of 5 )

Password protection is probably the most used function of the .htaccess file aside from custom error pages. Setting up a password-protected directory is a little more elaborate than what we have seen thus far but is certainly feasible by anyone with a little willingness to learn.

The .htaccess method of password protecting a directory uses another file, called .htpasswd. This stores the username of the user along with the encrypted password of that user. Each time the user attempts to access a file within a protected area, the username and password the user inputs is checked against the .htpasswd file for authentication.

First, we need to create the .htpasswd file. Normally, you need access to the Unix machine to create this file with the following htpasswd utility:

htpasswd -c /home/user/names steve

The above line of code creates the file 'names' (with the -c flag) and creates the username of steve. The system will then ask for a password twice. However, since some web-hosting providers do not allow clients the ability to access the machine, we need another method for creating this file.

I found a neat utility online useful for encrypting the password for a user. Simply click here and enter the desired username. Then, enter the password twice and click the 'calculate' button. You should come back with something like this (given the username of steve):


Copy and paste that entire line into a blank text file and name it .htpasswd. Each time you wish to create another user, simply use the same web site and copy and paste the new username and encrypted password to the next available line in your .htpasswd file.

Next, upload this document to your account. If you can, upload this file to a directory above that of your root web directory. For example, if your root directory was /home/user/public_html, then the directory above it would be user. This makes this file completely inaccessible by the general Internet public, which is a very good thing. Remember to upload this document in ASCII and not binary.

Our next step is to create (or amend) the .htaccess file. Open or create the file and include this within it:

AuthUserFile /home/user/.htpasswd
AuthGroupFile /home/user/group
AuthName "The incredibly safe realm"
AuthType Basic
require valid-user

Notice that we have specified the location of the .htpasswd file as /home/user/.htpasswd. Be sure the path is correct to the .htpasswd document on the system. We will not be using a Group file, so we can input any directory. The AuthName directive is what will be displayed in the popup dialog box that asks for the username and password to access a protected directory.

Also notice require valid-user. This means that any username within the .htpasswd file can be checked and validated. If, for example, we only wanted to allow particular users access, we could use something like:

require user username1 username2 username3 username4

That is all there is to it to create a password protected directory! Be aware that if you place this file within your root directory, your entire web site will be password protected, which may or may not be what you intended.
blog comments powered by Disqus

- Programmatically Manipulating Microsoft Exce...
- Installing PHP under Windows
- Compressing Web Content with mod_gzip and mo...
- Compressing Web Output Using mod_deflate and...
- Setting Up Apache 2.0.45 to Parse PHP Pages
- Custom Error 404 Documents with PHP
- Using Apache and PHP on Mac OS X
- ASP: Active Sessions, Active Logins and Tota...
- Working With Oracle on Windows: Part 1
- The Quick-n-Dirty Guide to Setting Up Apache...
- Installing Apache With SSL: The Complete Gui...
- 7 Powerful .htaccess Customization Tips
- Trap And Get Notified: A Practical Solution ...
- One Way To Use Server Side Includes
- Using ForceType For Nicer Page URLs

Watch our Tech Videos 
Dev Articles Forums 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Weekly Newsletter
Developer Updates  
Free Website Content 
Contact Us 
Site Map 
Privacy Policy 

Developer Shed Affiliates


© 2003-2019 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap
Popular Web Development Topics
All Web Development Tutorials