Password Protection
How do I set up password protection for part of my Web site?
You can protect any part of the directory tree of your Web site through
commands placed in a file called .htaccess in the directory at the
top of the tree you wish to protect. For example, if you wish to protect a
subdirectory called main, you would create a .htaccess
file in your ~/htdocs/main/ subdirectory.
Password protection requires at least some of the following commands
in your .htaccess file:
AuthUserFile /web/domain/domainname/passwd
AuthGroupFile /web/domain/domainname/passwd.group
AuthName keyword
AuthType Basic
<Limit GET POST PUT>
require user usernames
require group groupnames
require valid-user
</Limit>
...where userid is your login name, keyword is any single
word that describes your Web site (for example, "MySite"), and
usernames and groupnames are lists of users and groups,
respectively, that will be allowed access to this area of your site.
Only one of the three require statements should be used. If you put
more than one user or group on a line, separate them with spaces,
not commas.
If you do not need group access control (see below), replace the
AuthGroupFile line with:
AuthGroupFile /dev/null
If you have this file set up correctly, anyone visiting this area of your
site will be greeted with an authorization window (on most browsers) that
asks for their username and password. If they cannot supply a valid
username and password, or the user is not listed on a require user
line, or the user is not in a group listed on a require group
line, access will be denied.
How do I add usernames and passwords?
The files that hold the encrypted passwords for your Web site should be kept
in your home directory or a subdirectory thereof. To create these files,
use the touch command:
touch ~/passwd
When your password file(s) have been created, you can add users with the
htpasswd command:
htpasswd /web/domain/domainname/passwd newuser
...where domainname is your home directory name, and newuser is the
username you want to add or change. You will be prompted twice for the
password.
If you want to change a password, use the same command. If you need to
delete a user, use your favorite text editor on the
/web/domain/domainname/passwd file, and delete the line that
begins with the user's name.
How do I use group access control, and why would I?
A group is a collection of users. You can set up and authorize entire
groups of users, rather than laboriously adding each user to the
require user line. If you want to allow any valid user
(i.e., one large group), simply use the require valid-user directive
instead of setting up a group.
If you require two or more distinct groupings of users, however
(perhaps for different subdirectories or different levels of access to your
site), you should use group access control.
You can create the passwd.group file with the touch
command:
touch ~/passwd.group
You should not use htpasswd to manage this file. Instead, use your favorite
text editor and create entries in the file that look like this:
somegroup: user1 user2 user3
anothergroup: joe harry sally
You can use as many of these lines as you like; each one creates a group of
users. Users can be in more than one group (or none). Be sure to use
spaces to separate users on each line, rather than commas.
To use this group file, make sure the following line appears in the
.htaccess file:
AuthGroupFile /web/domain/domainname/passwd.group
Next, in the <Limit> section of the .htaccess file,
use a require group groupnames directive to restrict access
to the groups that you specify. If you want to allow more than one group,
list them on the same line, separated with spaces (not commas).
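The rules on this page (a single require line, names separated by spaces, a real AuthGroupFile whenever require group is used, and every named user and group present in the files) can be checked mechanically before a protected area goes live. The Python check below is an added example, not part of the original page or of Apache; the function name lint_htaccess and the sample input are assumptions made for illustration. It also reports <Limit> sections, because Apache applies the directives inside one only to the methods it lists.

```python
import re

def lint_htaccess(htaccess, passwd="", group=""):
    """Check .htaccess text against this page's rules. passwd and group are
    the contents of the AuthUserFile and AuthGroupFile. Returns findings."""
    findings = []
    users = {l.split(":", 1)[0] for l in passwd.splitlines() if ":" in l}
    groups = {}
    for l in group.splitlines():
        name, sep, members = l.partition(":")
        if sep:
            if "," in members:
                findings.append(f"group file: commas in group {name.strip()}")
            groups[name.strip()] = set(members.replace(",", " ").split())
    directives, requires = {}, []
    for line in map(str.strip, htaccess.splitlines()):
        m = re.match(r"<Limit\s+([^>]+)>", line, re.I)
        if m:
            # Apache applies directives inside <Limit> only to the listed
            # methods (documented Apache behaviour, not stated on this page).
            findings.append(f"<Limit> covers only: {m.group(1).strip()}")
        elif line and line[0] not in "<#":
            key, _, value = line.partition(" ")
            if key.lower() == "require":
                requires.append(value.strip())
            else:
                directives[key.lower()] = value.strip()
    if len(requires) != 1:
        findings.append(f"expected one require line, found {len(requires)}")
    for req in requires:
        if "," in req:
            findings.append(f"require {req}: separate names with spaces")
        kind, *names = req.replace(",", " ").split() or [""]
        if kind == "user":
            findings += [f"user {n} not in password file"
                         for n in names if n not in users]
        elif kind == "group":
            if directives.get("authgroupfile", "/dev/null") == "/dev/null":
                findings.append("require group used without an AuthGroupFile")
            for g in names:
                if g not in groups:
                    findings.append(f"group {g} not in group file")
                findings += [f"group {g}: member {u} not in password file"
                             for u in sorted(groups.get(g, ())) if u not in users]
    return findings

# Constructed sample input (not from the page): commas and no group file.
SAMPLE = "AuthGroupFile /dev/null\nrequire group staff, admins\n"
```

Pass the text of the .htaccess file together with the contents of the passwd and passwd.group files; an empty list means none of the checked rules is broken.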