kurt.santo Posted January 7, 2008

Heard that you can password protect a folder via .htaccess in combination with .htpassword or similar. Does anyone know how to do this?

Kurt
Jamesking56 Posted January 7, 2008

Part 1: Create a password file and put it on the server

To create a password file and put it on the server:

1. Windows - Open Notepad: Click Start, point to Programs, point to Accessories, then click Notepad.
   Macintosh - Open Text Edit: Double-click your Macintosh HD icon, then double-click the Applications folder, then double-click the TextEdit icon.
2. Open a new blank file and name it: htpasswd
3. Set up one or more username/password combinations using one of the following sites that can generate encrypted UNIX passwords:
   * http://spectrum.troy.edu/password/
   * http://www.flash.net/cgi-bin/pw.pl
4. From the form, copy and paste the username/password combinations into your htpasswd file, noting the following:
   * Each username/password combination should be on its own line.
   * Put nothing else in this file.
   For example:
       joeuser:33dJ3Dq1oYPd2
5. Using FTP, upload the htpasswd file to your /usr/users/bcusername/ folder on the www2.bc.edu server.
   Important:
   * Be sure the FTP transfer mode is set to "ASCII" and not "binary".
   * Although this password is not easy to read, there are programs on the Internet that can break this password. Part of keeping your passwords secure is not letting anyone get access to this file. For that reason, we recommend that you not put them in the folder with the documents you are protecting, or even the root level of your Web site. We recommend that you put them in the folder whose name is your username:
       /usr/users/bcusername/
     Not in:
       /usr/users/bcusername/www/
6. Using FTP, change the name of the file on the server to .htpasswd with nothing before the period.

Part 2: Create an .htaccess file in the folder you would like restricted

To create an .htaccess file in the folder you would like restricted:

1. Windows - Open Notepad: Click Start, point to Programs, point to Accessories, then click Notepad.
   Macintosh - Open Text Edit: Double-click your Macintosh HD icon, then double-click the Applications folder, then double-click the TextEdit icon.
2. Open a new blank file and name it: htaccess
3. Copy and paste the following text into the file:
       AuthUserFile /usr/users/myusername/.htpasswd
       AuthName "YOUR SITE'S NAME"
       AuthType Basic
       <Limit GET>
       require user joeuser
       </Limit>
4. Edit the line:
       AuthUserFile /usr/users/myusername/.htpasswd
   changing "myusername" to your BC username.
5. Edit the line:
       AuthName "YOUR SITE'S NAME"
   The words you put here show up in the authentication dialog box.
   * In Netscape, this line of text appears in the middle of the following phrase: Enter username and password for "YOUR SITE'S NAME" at www2.bc.edu.
     Note: You cannot change the surrounding phrase: "Enter username and password for...at www2.bc.edu."
     For example:
       AuthName "BC Help Center Restricted Page"
     appears as the following in Netscape (refer to Figure 1):
     Figure 1: Example of text that appears on login prompt in Netscape.
   * In Internet Explorer, this line of text appears with nothing around it.
     For example:
       AuthName "BC Help Center Restricted Page"
     appears as the following in Internet Explorer (refer to Figure 2):
     Figure 2: Example of text that appears on login prompt in Internet Explorer.
6. In the second to last line, change the word "joeuser" to the username you put in your password file.
   Important: Do not include the password in this file.
   For example, to change the username to "anotheruser" the last 3 lines would read:
       <Limit GET>
       require user anotheruser
       </Limit>
   -OR-
   To allow any username/password combination in your password file to access the folder, enter the following for the last 3 lines:
       <Limit GET POST>
       require valid-user
       </Limit>
7. Using FTP, upload your edited htaccess file inside the folder you want restricted on the www2.bc.edu server.
   Important: Be sure the FTP transfer mode is set to "ASCII" and not "binary".
8. Using FTP, change the name of the file on the server to .htaccess with nothing before the period.

Part 3: Test the set up

To test the set up:

1. Open your Web browser and go to the page you have just protected. You should receive an authentication dialog box similar to Figures 1 and 2 above.
2. Enter an incorrect username and password to make sure it fails.
3. Enter the correct username with an incorrect password to make sure it fails.
4. Enter the correct username and password to make sure it works.

Limitations to this method of authentication

The following are limitations to this "basic" method of authentication:

* The password is not encrypted as it goes over the network, so it could be sniffed.
* The password and username remain in the browser until the user closes their Web browser completely. This means that shared computers or unattended computers are potential security risks.
* If the user tries to go to another www2.bc.edu site that has a different username and password, they will get an immediate "access denied" message. They will not even see the authentication dialog box. This is because with basic authentication, the username and password is stored in the browser and the system makes the assumption that for any given server a person has only one username and password. To get past this limitation the user must close all windows of the Web browser, quit the browser, and then launch a new browser session to go to the second location.
* The .htaccess restriction only limits access through a Web browser. Other BC students, faculty, and staff who have accounts on the www2 server may be able to retrieve your documents using FTP. Remember that www2 is primarily a public Web server, not designed for restricting confidential documents. For better handling of confidential documents, use MyFiles@bc and WebCT Web.

enjoy
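Three points in the post above can be checked mechanically: the hash scheme in .htpasswd, whether AuthUserFile points inside the web folder, and whether `require` sits inside a `<Limit>` section (which applies it only to the listed HTTP methods). The Python check below is an added example, not part of the original thread; the function names, the second sample entry and the web-root path are constructed for illustration.

```python
import posixpath
import re

def classify_hash(h):
    """Name the htpasswd hash scheme from its prefix or shape."""
    if h.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    if h.startswith("$apr1$"):
        return "apr1-md5"
    if h.startswith("{SHA}"):
        return "unsalted-sha1"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", h):
        return "des-crypt"  # traditional crypt(): only 8 password chars used
    return "unrecognised"   # possibly plaintext

def lint_htpasswd(text):
    """Return (line, user, scheme) for entries not hashed with bcrypt or apr1."""
    weak = []
    for n, line in enumerate(text.splitlines(), 1):
        user, sep, h = line.strip().partition(":")
        scheme = classify_hash(h)
        if sep and scheme not in ("bcrypt", "apr1-md5"):
            weak.append((n, user, scheme))
    return weak

def lint_htaccess(text, web_root):
    """Return findings for the .htaccess layout described in the post."""
    findings = []
    m = re.search(r"^\s*AuthUserFile\s+(\S+)", text, re.I | re.M)
    if m:
        path = posixpath.normpath(m.group(1).strip('"'))
        if path.startswith(posixpath.normpath(web_root) + "/"):
            findings.append("AuthUserFile inside web root: " + path)
    # A <Limit> section applies its directives only to the listed methods,
    # so a require inside it leaves every other HTTP method unauthenticated.
    limit = re.compile(r"<\s*Limit\s+([^>]+)>(.*?)<\s*/\s*Limit\s*>", re.I | re.S)
    for block in limit.finditer(text):
        if re.search(r"^\s*require\b", block.group(2), re.I | re.M):
            findings.append("require limited to: " + " ".join(block.group(1).split()))
    return findings

# Constructed sample input modelled on the files in the post (not real data).
SAMPLE_HTPASSWD = "joeuser:33dJ3Dq1oYPd2\nanotheruser:$apr1$constructed$0000000000000000000000\n"
SAMPLE_HTACCESS = """AuthUserFile /usr/users/myusername/www/.htpasswd
AuthName "YOUR SITE'S NAME"
AuthType Basic
<Limit GET>
require user joeuser
</Limit>
"""
```

With the password file one level above www/ and `require` placed outside any `<Limit>` section, `lint_htaccess` returns no findings.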
kurt.santo (Author) Posted January 7, 2008

Great input, mate! Will have a go tomorrow when I have a bit more time (seems like I have to spend a week on this;-))...

Kurt
Norman Posted January 7, 2008

Or: http://www.freewebmasterhelp.com/tutorials/htaccess/.
kurt.santo (Author) Posted January 8, 2008

> Or: http://www.freewebmasterhelp.com/tutorials/htaccess/.

Cheers!

Kurt
Coolguy Posted January 15, 2008

Here is a great and simple way to implement .htpasswd (plus it encodes the passes in the password listing):
http://tools.dynamicdrive.com/password/

For an awesome guide on .htaccess and its uses go here:
http://www.javascriptkit.com/howto/htaccess.shtml
kurt.santo (Author) Posted January 16, 2008

> Here is a great and simple way to implement .htpasswd (plus it encodes the passes in the password listing):
> http://tools.dynamicdrive.com/password/
> For an awesome guide on .htaccess and its uses go here:
> http://www.javascriptkit.com/howto/htaccess.shtml

Cheers:-)

Kurt
kurt.santo (Author) Posted January 17, 2008

Read all the info and implemented the advice. Tried it and worked. Tried it again and does not work, browser sends me to my "permission needed page". Why could that be? I did not change the pw or username? Now it even does not let me delete the folder I created for testing, strange...

Kurt
Jamesking56 Posted January 21, 2008

Did you encrypt the usernames/passwords?
kurt.santo (Author) Posted January 22, 2008

> Did you encrypt the usernames/passwords?

It actually works now in a different place. It seems my problem lies again somehow in the display of my remote files. When I try to delete a folder where I placed a .htaccess file it says "Command: RMD folderProtect, Response: 550 folderProtect: Directory not empty". When I go into the directory I cannot see any file, and this although I set FileZilla (also tried it with Dreamweaver with same result) to show hidden files. Why could that be?

Followed your instructions to transfer as text file and then change file extension/front bit when uploaded. Why do you have to do this? In FileZilla and Dreamweaver you can assign the modes of transferring files to any file extension. I created one for .htaccess (ascii).

Another question in same context: How again do you find out what exact path is the folder above your web root? Justsomeguy told me some time ago, but I used it back then and completely forgot how to (apart from asking hosting company).

Kurt
Archived
This topic is now archived and is closed to further replies.