Intro to: .htaccess and .htpasswd

illu_htaccessSo you’ve got a bunch of people who you would like to provide with content on your website.  You also do not want everyone that visits your site to view this information.  How do you allow access to some members, but not to others?  The simple solution is to create a members area in your site by creating .htaccess and .htpasswd files!

The .htaccess file is a simple text file that allows you to change some of the configuration directives of the web server.  The .htaccess file is much more powerful than just that and I hope to explain more about it in this article.  It is worth noting that .htaccess files are not compatible with Windows Servers.

The .htaccess file has many uses including:  Blocking Users by IP Address, Preventing or Allowing Directory Listings, and Changing Error Documents.  In this post I will focus on using the .htaccess file to password protect your folders.  This can be useful if you wish to set up something like a “Members” area on your web page that will allow only users that have a username and password access to these areas.  You can create a .htaccess and a .htpasswd file in order to set up simple user/pass protection.

Password protection relies on two files.  The .htaccess file tells the webserver that viewing content in such folders requires authorization.  The second is the .htpasswd file and it contains the information about the users and their passwords.  The information in your .htpasswd file will be very simple and will look like this:

webuser:qkbPmuht5Gzgc

This is, of course, your username and password. The password is encrypted for security purposes.  The .htpasswd file is created using the Apache command line and can be done on easily through most File Managers.  For example, with IX Web Hosting there is a “Protect” option that will create one for you automatically.  Once you have the .htpasswd file created you will need to create the .htaccess file.  This is also something that can be handled by most Control Panels.  The file should be located in the same place as the folder you wish to secure.  It should look something like this:

AuthType Basic
AuthUserFile /hsphere/local/home/username/.htmaster/.ok_user
AuthName “Enter valid username and password!”
require valid-user

The line AuthUserFile tells the web server where to look for the file containing the usernames which are allowed to access the folder.  The AuthName is what is printed in the user/prompt of the visitor’s browser.  Protecting a single file can be a little bit trickier.  You will have to specify the file that you wish to secure.  You will need to add the following lines to protect “my-secret-file.html”:

AuthType Basic
AuthUserFile "/home/username/path_to_htpasswd/.htpasswd"
AuthName "Enter valid username and password!"

<Files my-secret-file.html>
require valid-user
</Files>

I hope this brief introduction to the .htaccess file has helped you understand one of the primary uses and some of the awesome power of the .htaccess file!

It is probably worth mentioning here that I work for a web hosting company called IX Web Hosting so that is what I am referring to when I mention our servers.

27
Oct
Written by Brian
Categories: Uncategorized
Tags: ,

Leave a Reply