| Password protected directories are very useful for development purposes
or if you're looking to provide content on a subscriber basis. What you
need to do to set up protected directories on your web site will vary
depending on whether your site runs on the Cern or the Apache web server.
If you have a virtual host at PRIMUS, you can find out if your web
site is running on the Cern or Apache web server by looking it up with
our nslookup Tool. This document
explains setting up protected directories for the Apache web server. With
the Apache server, protected directories can be set up entirely by you,
but the process does require a working knowledge of Unix.
Password protected directories on the Apache server are quite simple,
requiring only two control files, both of which can be set up by the owner
of a web site. The first file is called .htaccess and lives at the
root level within the directory to be protected.
Here is an example of a typical .htaccess file:
AuthUserFile /home/web/mfs.primushost.com/etc/toad
AuthGroupFile /dev/null
AuthName "Apache Protected Directory Example"
AuthType Basic
<LIMIT GET POST PUT>
require valid-user
</LIMIT>
- AuthUserFile: Full path to the password file for this
protected directory.
- AuthGroupFile: Full path to the
file containing group definitions. For most it will suffice to set this
to /dev/null, the Unix equivalent of a trashcan, since groups will not be
an issue.
- AuthName: The name that will appear in the
browser window requesting a password.
- AuthType:
Basic, the only type presently available, indicates that passwords are
transmitted as uuencoded data.
- <LIMIT ...>
</LIMIT>: Requires a valid user name from the password file
The second file, the password file, can live anywhere but it's a good idea
to keep it in an area that is not browsable by the web. The easiest way to
go about this is to create a directory inside your home directory to house
all of your password files. (As you can see in the .htaccess example
above, the password file is stored within a directory called "etc" inside
the virtual hosts home directory). It can be named anything you like.
Personally, I give password files oddball names just to make them a little
less obvious and keep myself entertained.
A sample password file, which I called toad, looks like this:
ttfn:WY/ScjkHSocxU
arlyn:HredY89AJ1MHQ
webmaster:g.PcPw9BkThMs
This password file contains three usernames: ttfn, arlyn, and
webmaster, and an
encrypted password for each.
Once you have created the .htaccess file you will need to set up
your own username(s) and password(s).
htpasswd <password file> <user id>
(Once you execute the command you will be prompted for a password).
Be
sure to include the complete path to the password file or
execute
the command from within the same directory as the existing password
file.
htpasswd -c <password file> <user id>
Be careful when using the -c argument. Once the initial password file
is created, using the -c argument will overwrite the current password file
removing any existing usernames and passwords.
If a group file is specified in the .htaccess file (that is if
AuthGroupFile is anything EXCEPT /dev/null) you will need to create a
group file and add the usernames manually. (Create and edit the file using
any text editor). Passwords are then generated in the same way using the
"htpasswd" command.
Be sure all files have permissions of 644 and all directories they
are in have permissions of 755.
- To set the permissions use the "chmod" command:
chmod 644 <filename>
chmod 755 <directoryname>
Back to Shared Hosting Support
| 
