home | articles | links | fun | about Up to: Quick math and science observations

Password Protecting Web Directories

Tutorials: Using an htaccess file

• http://resma.net/tutorials/htaccess.php
• http://hoohoo.ncsa.uiuc.edu/docs/tutorials/user.html#Introduction
• http://helpdesk.princeton.edu/kb/display.plx?ID=8707
• http://www.about.com

htpasswd password file generator:

• http://www.e2.u-net.com/htaccess/make.htm

The following instructions are mostly for my own reference, read the above links for detailed explanations.

Main steps

• Create a file named .htaccess in the directory you want to restrict
• Set permissions to 644 ('chmod 644 .htaccess'); be careful because .htaccess is not included in "ls *")
• Create a .htpasswd file, which contains the scrambled (hashed) password for a user

Make .htaccess like this:

        AuthName EnterPassword
        AuthUserFile /u/kazad/.htpasswd
        AuthType Basic

        
        require user hci
        

Make .htpasswd like this:

        hci:QvmbLgv5EX.ZY

Things you change:

        AuthUserFile /u/kazad/.htpasswd => AuthUserFile PASSWORD_FILE
        require user hci => require user USERNAME

PASSWORD_FILE contains the scrambled password, which is compared to the user's input. Use the generator (http://www.e2.u-net.com/htaccess/make.htm) to make this file.

USERNAME is the required user that must log in. They should have an entry in the password file.

You can also restrict acces by domain (allow only those from princeton.edu, for example); look for more advanced tutorials for this info.

Kalid at [email protected]