If you have a web site that contains sensitive documents such as test results, scripts, or an administration section, then you need directory security to stop unauthorized people from accessing certain parts of your site. In this article, Hassan will show you how to setup htaccess security for folders on your Apache web server.
Securing Directories With htaccess - The .htpasswd file explained (Page 3 of 4 )
The .htpasswd file is even simpler that the .htaccess file, and can contain just one line. It consists of a number of name/value pairs, which represent username/password combinations. Each username/password combination is separated by a carriage return. They are used by Apache to determine whether or not a user trying to gain authentication actually exists and is valid.
Before we create our .htpasswd file, you should upload the .htaccess file (which we created earlier) to the directory on your web server which you want to protect.
If you are running windows 98 or above, then you can simply click on Start -> Run -> “ftp” (without the quotes). This will launch the Microsoft FTP app. To login and upload our .htaccess file to the /www/htdocs/secure directory, we would enter the following commands at the FTP prompt (Each command is separated by a carriage return):
To create the .htpasswd file, we will connect to our web server using telnet. If you are running windows, click on Start -> Run -> “telnet” (without the quotes). Type in “open myserver.com” (replace myserver.com with the domain name of your server) to connect to your server. Enter your username and password. You should be at the Unix prompt.
You will need to change into the directory where you uploaded your .htaccess file to. Use the “cd” (change directory) command to do this. In our example, we would change to the /www/htdocs/secure directory, like this:
Next, we need to run the htpasswd program. This is a simple program that takes three arguments:
htpasswd [options] [.htpasswd file] [new user name]
For the first arguement, we specify “-c”. This tells the htpasswd file that we are creating a new user. For the second argument, we specify “/www/htdocs/secure/.htpasswd” (or the complete virtual path and filename of our .htpasswd file). For the last argument, we specify the name of the user we are creating. We will create a new user named fred. So, the command to add a new user named fred would look like this:
htpasswd –c /www/htdocs/secure/.htpasswd fred
Enter the command, as shown shown above (replacing the path to the .htpasswd file as needed). You will then be asked to enter a password for the new user, fred. Enter “flinstone”, as shown below:
That’s all we need to secure our directory! We can make sure our authentication works by opening up a new browser window and entering http://www.yourserver.com/secure (replace www.yourserver.com with the domain name of your server). You should be greeted with an authentication dialog box:
Enter username “fred”, and password “flinstone”. Click OK and you will be granted access to the /secure directory. If you enter an incorrect username/password combination three or more times, you are denied access, as shown below: