HTAccess Authentication Tutorial
This tutorial covers web-based user authentication using HTAccess. Web-based
authentication denies web access to visitors who do not give a valid username
and password. This feature allows webmasters to restrict access to certain
directories. The usernames and encrypted passwords are kept in a
webmaster-maintained file. This is not the same as ordering another Netsavy /
Abhost Telnet/FTP Account.
Difficulty: Easy to Medium
You will need the following basic skills:
- Ability to telnet and log in to your virtual domain
- Ability to use a text editor (such as joe or pico)
- Working knowledge of paths and basic file system navigation (cd,
mkdir, etc.)
Here we go!
The following is an example use of the .htaccess file.
Let's assume that it resides at /virtual/yourname/public_html/.htaccess
AuthUserFile /virtual/yourname/public_html/.htpasswd
AuthGroupFile /dev/null
AuthName "Someones Secret Section"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
The .htaccess file affects the directory in which it is placed, so in this
example, any visitor requesting http://somewhere.com/somepath/ would be
presented with an authentication request.
The .htaccess file also affects directories recursively below it. Therefore,
requesting http://somewhere.com/somepath/evenmore/ would yield the same
authentication request unless ~/somepath/evenmore had a .htaccess file of
its own.
The first line, starting with AuthUserFile, tells
the webserver where to find your username/password file. We'll create that file
in a minute. For now, change the AuthUserFile line as necessary for your
use.
Notice that the AuthName in the example, "Someones Secret Section," is used
in the authentication request.
Using your favorite text editor, create a file similar to the example,
replacing AuthUserFile and AuthName with values for your situation. Be sure
to name the file .htaccess.
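A check you can run over the file you just created, as an added example that is not part of the original tutorial: it flags a password file stored under the web root, Basic authentication (the password is only base64-encoded on the wire), and a require line inside <Limit>, which leaves other HTTP methods unauthenticated. The function name, finding codes and docroot argument are assumptions of this example, and SAMPLE is a constructed copy of the tutorial's .htaccess.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: a copy of the tutorial's example .htaccess.
SAMPLE = '''AuthUserFile /virtual/yourname/public_html/.htpasswd
AuthGroupFile /dev/null
AuthName "Someones Secret Section"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
'''

def audit_htaccess(text, docroot):
    """Return a list of (code, message) findings for one .htaccess file."""
    findings = []
    limit_methods = None  # methods of the <Limit> block we are inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<Limit\s+([^>]*)>", line, re.I)
        if m:
            limit_methods = m.group(1).split()
            continue
        if re.match(r"</Limit>", line, re.I):
            limit_methods = None
            continue
        parts = line.split(None, 1)
        directive = parts[0].lower()
        arg = parts[1].strip('"') if len(parts) > 1 else ""
        if directive == "authuserfile":
            # Lexical comparison only; symlinks are not resolved.
            pw = PurePosixPath(arg)
            if PurePosixPath(docroot) in (pw, *pw.parents):
                findings.append(("PWFILE_IN_DOCROOT", f"{arg} is under {docroot}; "
                                 "keep the password file outside the web root"))
        elif directive == "authtype" and arg.lower() == "basic":
            findings.append(("BASIC_AUTH", "Basic sends the password base64-encoded, "
                             "not encrypted; serve this directory over HTTPS only"))
        elif directive == "require" and limit_methods is not None:
            findings.append(("REQUIRE_IN_LIMIT", "require applies only to "
                             + ", ".join(limit_methods)
                             + "; other methods are not authenticated"))
    return findings

if __name__ == "__main__":
    for code, msg in audit_htaccess(SAMPLE, "/virtual/yourname/public_html"):
        print(f"{code}: {msg}")
```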
Now that we understand the basic .htaccess model, how can we specify who is
allowed? We'll create the .htpasswd file named in the AuthUserFile line above.
To create an .htpasswd file, telnet into the system and go to the directory
you specified in AuthUserFile. In the example, this is
/virtual/yourname/public_html/. Then use the htpasswd program with the -c
switch to create your .htpasswd in the current directory. Or use this site:
http://www.tools.dynamicdrive.com/password/
Type htpasswd -c .htpasswd username to create the file and add "username"
as the first user. The program will prompt you for a password, then verify by
asking again. You will not see the password when entering it here:
wwwX:/virtual/yourname/public_html/# htpasswd -c .htpasswd username
Adding password for username.
New password: password
Re-type new password: password
To add more users in the future, use the same command
without the -c switch:
htpasswd .htpasswd bob
will add username "bob" to your .htpasswd file.
To delete users, open the .htpasswd file in a text editor and delete the
appropriate lines:
username:v3l0KWx6v8mQM
bob:x4DtaLTqsElC2