Creating password protected web pages


This page details how to use htaccess for password protecting web pages. This method should not be used for protecting critical data.
If you have data you absolutely need to keep people out of, you should get yourself a secure web server and setup a proper user access system.
Dreamhost, via the link below, can provide you with a secure web server.



In any place I mention usernames or passwords, I mean for the files required to secure the page, not any system password.
This method will password protect a directory and any sub-directory.
If you have a directory called 'family' and it has sub-directories 'mom' and 'dad'; when you protect 'family', once somebody gains access to 'family', they will also have access to 'mom' and 'dad'.
To password protect a web page, two files need to be created.
.htaccess used to define the rules for the protection
.htpasswd used to store the usernames and passwords you want to authorize
Note the leading period on the file names


To try this out, follow this link when it asks for a username and password. Enter 'test' and 'test'.
click the back button on your browser to come back here.

.htaccess
In the directory that you want to password protect, create a file called .htaccess and place in it the following contents:

AuthUserFile    /home/members/y/yourrname/.htpasswd
AuthGroupFile     /dev/null
AuthName     SecurePage
AuthType       Basic

< Limit   GET   POST>
require     valid-user
</Limit>



Spaces have been exagerated-if you aren't sure if it's a space or not, it probably isn't
Note, the line that begins AuthUserFile points to a file in your home directory. You need to put your own login name in place of 'yourname'. Also, the /y/ would be changed to reflect the first initial of your login name.
The AuthNAme directive can be changed to whatever you like.

.htpasswd
The .htpasswd file is where the usernames are stored that you want access to the page.
You need to create this file and put usernames into the file. To create the file and put the first username in, login to your account. If you see the menu, type ^z (control-z) to go to the unix prompt. You should be in your home directory. /home/members/u/username to verify this, you can enter pwd to verify that you are in the correct directory. once you have verified that you are in the right directory, you need to issue this command:
/usr/local/sbin/htpasswd    -c    .htpasswd    user1

-c is used to create the file. Instead of user1, you would put the name that you want people to use to access your secure area.
the program htpasswd will ask you for a password. This is the password that user1 will use to authenticate.
Do not use your system password.
To be sure the permissions are correct, enter
   chmod  604  .htpasswd

If you want to add a second person to the list, just use
/usr/local/sbin/htpasswd   .htpasswd   user2

Just keep repeating this for each additional user.





Web Pcfubar.net
Donate towards my web hosting bill!
email me: roger AT pcfubar.net with any questions