If you want to password protect some of your web pages, then you need to use a .htaccess file with a .htpasswd password file. This tutorial will tell you step-by-step what you need to do.
Contents
You will be executing commands directly on the web server, and the only way to do that is via SSH. SSH is basically a secure form of telnet, and you can use SSH to do anything you might typically do with telnet. So, you must have a SSH client to connect to the web server via SSH.
You will also need a FTP client if you want to create your .htaccess file on your own system, then upload it to the web server.
The only other thing you need is aweb hostingaccount from Anchor. This would simply be your FTP account information that you received when your service started. To connect via SSH you would just use the same hostname, username, and password as your FTP account.
Let's suppose you want to restrict files in a directory calledmembersto usernamememberonewith passwordmemberonepassword. Here's what to do:
Create a file called.htaccessin directorymembersthat looks like this:
AuthType Basic AuthName "Restricted access" AuthUserFile /home/USERNAME/.htpasswd require valid-user
Notes:
In the AuthUserFile line, replace USERNAME with your ftp username.
Also note thatAuthNamecan be anything you want. The AuthName field gives the Realm name for which the protection is provided. This name is usually given when a browser prompts for a password, and is also usually used by a browser in correlation with the URL to save the password information you enter so that it can authenticate automatically on the next challenge.
Use the htpasswd command, from yourhome directory, to create a password file called.htpasswdin yourhome directory:
SSH to yourhome directory. This is simply done by connecting with your SSH client and NOT entering any path, and NOT changing directories after connecting.
After connecting to yourhome directoryvia SSH, enter:
# htpasswd -c .htpasswd memberone
Type the password --memberonepassword-- twice as instructed.
That's the setup done. Now test by trying to access a file in the directorymembers; your browser should demand a username and password, and not give you access to the file if you don't entermemberoneandmemberonepassword.
If you want to give access to a directory to more than one username/password pair, follow the steps above to create the .htaccess file and to create the .htpasswd file with one user. Then, add additional users to the .htpasswd file by using thehtpasswdcommand without the-c:
# htpasswd .htpasswd membertwo New password: Re-type new password: Adding password for user membertwo
If you want to change the password for an existing user, simply issue the same command as when you added the user. You will then be prompted for a new password. For example, if the user membertwo already exists and you want to change the password, just SSH to your home directory and enter:
# htpasswd .htpasswd membertwo
If you want to password protect multiple directories, and allow all users access to all password protected directories, then all you need to do is put the same .htaccess file in each directory that you want to password protect.
However, if you want to password protect multiple directories, and only allow certain users access to each directory, then you can create a different password file (all in your home directory) for each password protected directory.
Let's say you have 3 different directories (members, admins, board) you want password protected, and each one has a different set of users that you want to allow access. Then just do the following:
Create three .htaccess files and put them in their appropriate directory:
AuthType Basic AuthName "Restricted access" AuthUserFile /home/USERNAME/.htpasswd.members require valid-user
AuthType Basic AuthName "Restricted access" AuthUserFile /home/USERNAME/.htpasswd.admins require valid-user
AuthType Basic AuthName "Restricted access" AuthUserFile /home/USERNAME/.htpasswd.board require valid-user
Remember to replace USERNAME with your ftp username (in lower case).
Create three .htpasswd files in your home directory:
# htpasswd -c .htpasswd.members memberone # htpasswd -c .htpasswd.admins adminone # htpasswd -c .htpasswd.board boardmemberone
That's it. Now when you need to add a user to one of the directories, just issue the htpasswd command on the appropriate .htpasswd file.
Note: There is no correspondence between the usernames and passwords used for anyweb hostingaccounts on your hosting provider's servers, and usernames and passwords in any specific .htpasswd file. A user does not need to have a hosting account in order to be validated for access to password protected directories. Also, .htaccess protects the entire contents of the directory, not just the web page (HTML file). Any files stored in the directory will also require a password for viewing.
MD5 encryption method is more secure than the crypt method. This is the default method since Apache 2.2.18. The password generated by using this method can be used on both Windows and Linux based systems. This method is same as using the command or the web2generators.com generator :
htpasswd -m /usr/local/etc/apache/.htpasswd user1 |
web2generators.com: htpasswd generator |
htaccesstools.com: htpasswd generator |
Here is a script which I created based on the function I found on Stack Overflow.