HTAccess Authentication
Tutorial
This tutorial covers web-based user authentication using HTAccess. Web-based
authentication denies web access to visitors who do not give a valid username and
password. This feature allows webmasters to restrict access to certain directories. The
usernames and encrypted passwords are kept in a webmaster-maintained file. This is not
the same as ordering another Infopage Services Telnet/FTP Account. Visitors need not have
a Infopage Services Account to use Web-based access -- the mechanisms are separate and
unique.
Difficulty: Easy to Medium
You will need the following basic skills:
Here we go!
The following is an example use of the .htaccess file. Let's assume that it resides at /mnt/web/guide/somewhere/somepath/.htaccess
AuthUserFile /mnt/web/guide/somewhere/somepath/.htpasswd AuthGroupFile /dev/null AuthName Somewhere.com's Secret Section AuthType Basic <Limit GET POST> require valid-user </Limit> |
The .htaccess file affects the directory in which it is placed, so in
this example, any visitor requesting <URL:http://somewhere.com/somepath/>
would be presented with an authentication request.
The .htaccess file also affects directories recursively below it. Therefore,
requesting <URL:http://somewhere.com/somepath/evenmore/> would yeild the
same authentication request unless ~/somepath/evenmore had a .htaccess file of
its own.
The first line, starting with AuthUserFile, tells the webserver where to find your
username/password file. We'll create that file in a minute. For now, change the AuthUserFile
line as necessary for your use.
Notice that the AuthName in the example, "Somewhere.com's Secret
Section," is used in the authentication request.
Using your favorite text editor, create a file similar to the example, replacing AuthUserFile
and AuthName with values for your situation. Be sure to name the file .htaccess.
Now that we understand the basic .htaccess model, how can we specify who is allowed? We'll
create an .htpasswd file named in the AuthUserFile line above.
To create an .htpasswd file, go to the directory you specified in AuthUserFile.
In the example, this is /mnt/web/guide/somewhere/somepath. Then use the htpasswd
program with the -c switch to create your .htpasswd in the current
directory.
Type /var/www/bin/htpasswd -c .htpasswd username to create the file
and add "username" as the first user. The program will prompt you for a
password, then verify by asking again. You will not see the password when entering it
here:
wwwX:/mnt/web/guide/somewhere/somepath# /var/www/bin/htpasswd -c .htpasswd username Adding password for username. New password: password Re-type new password: password |
To add more users in the future, use the same command without the -c
switch: /var/www/bin/htpasswd .htpasswd bob will add username
"bob" to your .htpasswd file.
To delete users, open the .htpasswd file in a text editor and delete the appropriate
lines:
username:v3l0KWx6v8mQM bob:x4DtaLTqsElC2 |