Question: How can I password protect directories?
Yes, you can password protect specific directories within your website. As such, visitors will be prompted for id and password to gain access to any web page within such a directory. This does NOT affect FTP access.
Please note that this method only works if the directory you're trying to protect is served exclusively by Apache. If you have jsp/servlet support with Resin, JBoss, or Tomcat, you will have to configure directory protection within your JVM configuration.
Say you want to password protect a URL like http://www.yourdomain.com/members/. This URL might have a directory structure on our webservers/fileservers like /home1/u/username/public_html/members/ or /home2/u/username/public_html/members/. (contact support if you are unsure how to determine your home directory path.)
First we need to create what is called a password file. We can do this with the /usr/local/apache/bin/htpasswd command. To create your password file you simply type (on the shell command line.) /usr/local/apache/bin/htpasswd -c /home1/u/username/<password_file_name> <login_name>. In that command, password_file_name is the name of the file you want to have for your password file and login_name is the login name of the user you want to add to your password file.
The new website login name is independent of your SSH login name. Website access passwords are inherently weak so you should never use the same password for member or system accounts.
I might use something like /usr/local/apache/bin/htpasswd -c my_password_file admin
When I type that in it should ask me what password I would like for the login name admin.
Next we need to create a .htaccess (note the leading period.) file within the directory we want to protect. To do this I would change directories into the directory I want to protect with
Then I would open the file I want to create with a 'nano -w .htaccess'. This invokes the command line file editor.
Once the editor is open and you're editing the file, you want the file to read something like:
<Limit GET POST> order deny,allow deny from all allow from all </Limit> <Limit PUT DELETE> order deny,allow deny from all </Limit> AuthName "Members Section" AuthType Basic AuthUserFile /home1/u/username/my_password_file require valid-user
After you're finished editing the file, you can exit with <CTRL>-X, answer YES that you want to save it, and just push <ENTER> to verify the filename.
That should be it! If you go to your URL: http://www.yourdomain.com/members/ it should now ask you to enter a user name and password! Just put in the login name and password you supplied when you created the password file, and it should let you in.
This only works on domains served with Apache. Generally Apache encompasses *.php, *.htm, *.html, *.pl. *.epl, and *.asp pages. Domains supporting *.jsp and Java Servlets may not function correctly with .htaccess files.
To add more users to your password file you don't need the '-c' part of the command. So, to add a user to our password file above we might use something like /usr/local/apache/bin/htpasswd /home1/u/username/my_password_file <new_user_login> where new_user_login is the login name of the user we want to add.
If you are having difficulty and need help, please do not hesitate to ask customer support. Just send us an email at: firstname.lastname@example.org.