To password protect a directory:
Access Required: Telnet, FTP
Methods described on this page:
Basic Password Protection
DBM-based Password Protection (recommended for high volume sites)
Referrer Based Protection
HTAccess Basic Site Password Protection
You can password protect directories of your web site so that only users
with a valid username and password can access that directory and the files
within it. The most common method is an .htaccess file, described here.
Single User Protection:
1. Create the directory you want to password protect in your public_html
(example: members)
2. Create a file with a text editor (eg: Notepad) called: .htaccess
(the name is a dot followed by "htaccess", with nothing in front of the
dot; Notepad likes to append ".txt", so check the name after saving)
that looks similar to:
AuthUserFile /homeX/domain/.htpasswd
AuthGroupFile /dev/null
AuthName "Private Area"
AuthType Basic
require user myfriend
The require line is deliberately not wrapped in <Limit GET>, as older
examples show it: inside <Limit> the password check applies to the listed
methods only, so a POST or any other request method to the directory would
be served without asking for a password. Left outside <Limit>, it covers
every request.
3. Upload the file using ASCII file mode to the directory to protect.
4. Create the password file /homeX/domain/.htpasswd using the program
/usr/local/bin/htpasswd. The file lives in your account's root directory,
not under public_html, so that it can never be downloaded through the web
server. To do this, log into your account via Telnet (or ssh, if your host
offers it: telnet sends your login password over the network unencrypted),
change to your root directory and type:
htpasswd -c .htpasswd myfriend
When prompted, enter the password for that user (it is asked for twice and
is not echoed, so it never ends up in your shell history).
That's it! Now try to access a file in the protected directory with your
Web Browser, by entering the username and password when prompted.
If you add additional users, make sure to use htpasswd without the -c
flag: -c creates a new file, and on an existing file it overwrites the
contents, silently discarding every user already in it.
To change the password for a username you already set up, run htpasswd
without the -c flag for that username and you'll be prompted for the new
password.
Multiple User/Group Protection:
Create your directory in public_html (example: membersonly), to contain
the protected files.
Create a file .htgroup in your root directory (next to .htpasswd, outside
public_html) that contains the group name followed by the list of users,
separated by spaces:
member-users: user1 user2 user3
Modify .htaccess, so it looks similar to:
AuthUserFile /homeX/domain/.htpasswd
AuthGroupFile /homeX/domain/.htgroup
AuthName "Members Area"
AuthType Basic
require group member-users
The require line is deliberately not wrapped in <Limit GET>: inside
<Limit> it would apply to GET only, and any other request method would
reach the files unauthenticated.
Create the password file (.htpasswd) using the program htpasswd for each
user (as above in part 1). You don't need the -c option if you are using
the same .htpasswd file (-c is used to create a new file, and would wipe
an existing one):
htpasswd /homeX/domain/.htpasswd user1
htpasswd /homeX/domain/.htpasswd user2
and so on...
Remember to add any new users to the .htgroup file. Membership in the group
file alone grants nothing: every user listed there must also have an entry
in .htpasswd, and a user who is in .htpasswd but not in the group is
refused.
Now try to access a file in the protected directory by entering a username
and password from the group when prompted.
Keep in mind that every configuration file must end with a newline (press
Enter after the last line) and that you must always use the full path to
your configuration files.
For further details, please refer to the Authentication Tutorial from NCSA.
DBM-based Site Password Protection
If you will have more than a hundred users, we recommend that you use
DBM-based authentication: Apache then looks the user up in an indexed
database file instead of scanning a flat .htpasswd line by line on every
request.
DBM Authentication Set-Up:
1. Create your password-protected directory inside public_html.
2. Create the directory where the password files will be stored inside
your ROOT directory (NOT inside public_html, so the password database can
never be downloaded through the web server).
3. In the protected directory (in public_html), create an .htaccess file.
Example:
AuthDBMUserFile /home3/yourdomain/access/.htpasswd
AuthGroupFile /dev/null
AuthName "Protected Area"
AuthType Basic
require valid-user
4. In the access directory (not in public_html), do this:
ln -s .htpasswd .htpasswd.pag
and then
ln -s .htpasswd .htpasswd.dir
5. Then use the dbmm program (/usr/local/bin/dbmm).
To add users, use the command:
dbmm /home3/yourdomain/access/.htpasswd adduser username password
For more details, run dbmm without any arguments.
Because the password is given on the command line, it is written to your
shell history file and is visible to other users on the server in the
process list while the command runs; remove it from your history afterwards
and do not reuse a password you care about elsewhere.
If you would like to use group-based access control as well (the above
is plain user based, though you can add as many users as you wish), please
follow the further Apache instructions (create a group DB file, or combine
them as in the instructions there).
Keep in mind that every configuration file must end with a newline (press
Enter after the last line) and that you must always use the full path to
your config files.
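The flat .htpasswd of the HTAccess section and the DBM user file of this section both come down to the same record: a user name and an Apache-format password hash. The script below is an added example, not part of this page and not Apache's htpasswd: it reimplements the $apr1$ hash that htpasswd -m writes, so it can create and update a .htpasswd file, make the same accept/reject decision Apache makes when a browser sends a username and password, and write the same records into a DBM file. The user names, passwords and scratch paths are made up; that Apache can open the DBM file it writes assumes Apache is built against the same DBM library Python selects, and bcrypt entries (htpasswd -B) are deliberately left to the bcrypt package.

```python
"""Create and check Apache password files without the htpasswd binary.

Added example, not code from the original page or from Apache. It
reimplements the $apr1$ scheme that htpasswd -m writes (APR's apr_md5_encode)
to build a .htpasswd, make the accept/reject decision Apache makes, and
write the records AuthDBMUserFile reads. Names, paths and passwords are made up.
"""
import dbm
import hashlib
import hmac
import os
import secrets
import tempfile

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _to64(value, count):  # APR's to64(): base-64 digits, least significant first
    return "".join(ITOA64[(value >> (6 * i)) & 0x3F] for i in range(count))


def apr1_hash(password, salt=None):
    """$apr1$<salt>$<22 chars>, the format htpasswd -m writes."""
    if salt is None:
        salt = "".join(secrets.choice(ITOA64) for _ in range(8))
    pw, sb = password.encode(), salt[:8].encode()
    ctx = hashlib.md5(pw + b"$apr1$" + sb)
    alt = hashlib.md5(pw + sb + pw).digest()
    for n in range(len(pw), 0, -16):  # len(pw) bytes of the alternate sum
        ctx.update(alt[: min(n, 16)])
    for k in range(len(pw).bit_length()):  # one byte per bit of len(pw), LSB first
        ctx.update(b"\0" if (len(pw) >> k) & 1 else pw[:1])
    final = ctx.digest()
    for i in range(1000):  # fixed 1000-round stretching
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(sb)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    order = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    enc = "".join(_to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
                  for a, b, c in order) + _to64(final[11], 2)
    return f"$apr1${sb.decode()}${enc}"


def verify(password, stored):
    """Check a password against the hash field of one .htpasswd line."""
    if stored.startswith("$apr1$"):
        return hmac.compare_digest(apr1_hash(password, stored.split("$")[2]), stored)
    # bcrypt ($2y$) needs the bcrypt package; {SHA}, DES crypt and plain text are too weak
    raise ValueError("unsupported or weak hash scheme")


def read_htpasswd(path):
    """user -> hash; blank and comment lines are skipped."""
    users = {}
    with open(path, encoding="ascii") as fh:
        for line in fh:
            line = line.rstrip("\n")
            if line and not line.startswith("#"):
                name, _, h = line.partition(":")
                users[name] = h
    return users


def set_password(path, user, password):
    """Add or replace one user, keeping the others (htpasswd without -c)."""
    if not user or ":" in user:
        raise ValueError("invalid user name")
    users = read_htpasswd(path) if os.path.exists(path) else {}
    users[user] = apr1_hash(password)
    with open(path, "w", encoding="ascii") as fh:
        for name, h in users.items():
            fh.write(f"{name}:{h}\n")  # every line newline-terminated


def check_login(path, user, password):
    """The decision Apache makes for AuthType Basic with AuthUserFile."""
    users = read_htpasswd(path)
    return user in users and verify(password, users[user])


def write_dbm_users(path, users, group=None):
    """user -> 'hash' or 'hash:group' records, the layout AuthDBMUserFile reads
    (assumes Apache is built against the DBM library Python picks here)."""
    with dbm.open(path, "c") as db:
        for name, h in users.items():
            db[name.encode()] = (h if group is None else f"{h}:{group}").encode()


def demo():
    """Round trip in a scratch directory; returns the outcome of each check."""
    d = tempfile.mkdtemp()
    path, dbpath = os.path.join(d, ".htpasswd"), os.path.join(d, "users")
    set_password(path, "myfriend", "correct horse battery")
    set_password(path, "user1", "another passphrase")
    write_dbm_users(dbpath, read_htpasswd(path), "member-users")
    with dbm.open(dbpath) as db:
        record = db[b"user1"].decode()
    return {
        "good login": check_login(path, "myfriend", "correct horse battery"),
        "wrong password": check_login(path, "myfriend", "wrong"),
        "first user kept after second add": "myfriend" in read_htpasswd(path),
        "dbm record carries group": record.endswith(":member-users"),
    }


if __name__ == "__main__":
    print(demo())
```

Run as-is it works in a throw-away directory and prints the outcome of each check; point set_password() at /homeX/domain/.htpasswd to manage a real file. Because verify() refuses {SHA}, DES crypt and plain-text entries outright, running it over an old .htpasswd is also a quick audit: any user whose line it rejects should be reset with htpasswd -m or, where the server supports it, htpasswd -B.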
Referrer Based Protection
Note on what this does: the Referer header is supplied by the client and
can be set to any value (a browser extension, a proxy or a one-line curl
command will happily send the "right" one), so this is not access control
and must not guard anything confidential. It only discourages other sites
from linking directly into the directory. Use one of the password methods
above for anything that actually needs protecting.
1. Create, inside your public_html, the directory whose access you want
to restrict based on referrers (example: restricted).
2. Create a file .htaccess in that directory that looks similar to:
RewriteEngine On
# Let the landing page itself through, otherwise the redirect below loops
RewriteCond %{REQUEST_URI} !^/restricted/index\.html$
RewriteCond %{HTTP_REFERER} !^http://yourdomain\.com/
RewriteCond %{HTTP_REFERER} !^http://www\.yourdomain\.com/
RewriteCond %{HTTP_REFERER} !^http://authorizedlinksite\.com/
RewriteCond %{HTTP_REFERER} !^http://www\.authorizedlinksite\.com/
RewriteRule .* http://www.yourdomain.com/restricted/index.html [R,L]
Where yourdomain.com is your domain and authorizedlinksite.com is a site
that is allowed to link into your restricted directory. There can be none,
one or several such authorized link sites; add a pair of RewriteCond lines
for each. The trailing slashes (/) are important and must be included:
they are what stops a referrer such as
http://yourdomain.com.attacker.example/ from matching your domain. Every
RewriteCond is negated (!), so the redirect fires only when the Referer
matches none of the allowed prefixes; a request with no Referer at all (a
URL typed in by hand, or a browser configured not to send one) is tested as
an empty string and redirected as well. The patterns match http:// only, so
links from pages served over https:// are redirected too; add matching
https:// lines if your site uses it. The REQUEST_URI condition is needed
because the browser keeps the original Referer (or none) when it follows
the redirect: without it the request for index.html fails the same test
and is redirected to itself until the browser gives up.
3. Now try to access the restricted directory from a link on your site,
from a link on the authorized site(s), if any, and, if possible, from a
link on an unauthorized site, to ensure that it is restricting access as
intended.
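To make the caveat concrete, the following is an added example, not part of the page: it replays the RewriteCond logic above (with the dots escaped so they match literally) against a handful of constructed requests and reports which are served and which are redirected. The host names are the page's placeholders; no real traffic is involved.

```python
"""Replay the Referer rules from the .htaccess above against constructed requests.

Added example, not part of the original page. It applies the RewriteCond
patterns (dots escaped so they match a literal dot) the way mod_rewrite does
and reports which requests are served and which are redirected. Host names
are the page's placeholders; the requests are made up, not captured traffic.
"""
import re

# Allowed Referer prefixes; each corresponds to one negated RewriteCond.
ALLOWED = [re.compile(p) for p in (
    r"^http://yourdomain\.com/",
    r"^http://www\.yourdomain\.com/",
    r"^http://authorizedlinksite\.com/",
    r"^http://www\.authorizedlinksite\.com/",
)]


def referer_allowed(referer):
    """Served only if some pattern matches %{HTTP_REFERER}; mod_rewrite tests
    an absent header as the empty string, so no Referer means redirect."""
    return any(p.match(referer or "") for p in ALLOWED)


def handle(headers):
    """Decision for one request to the restricted directory."""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    return "serve" if referer_allowed(lowered.get("referer")) else "redirect"


def demo():
    """Constructed requests; returns description -> decision."""
    cases = {
        "link followed from own site": {"Referer": "http://www.yourdomain.com/members.html"},
        "link from the authorized partner": {"Referer": "http://authorizedlinksite.com/links"},
        "URL typed directly (no Referer)": {},
        "hotlink from an unauthorized site": {"Referer": "http://evil.example/page.html"},
        "link from own site served over https": {"Referer": "https://www.yourdomain.com/"},
        # The client chooses the header, so an attacker simply supplies an allowed one:
        #   curl -e http://www.yourdomain.com/ http://www.yourdomain.com/restricted/secret.html
        "forged Referer from anywhere": {"Referer": "http://www.yourdomain.com/"},
    }
    return {name: handle(h) for name, h in cases.items()}


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{decision:<8} {name}")
```

The last case is the one that matters: the forged request carries exactly the header a legitimate visitor's browser would send, so the server has nothing to tell them apart by, and the curl command in the comment walks straight past the rule. The https case shows the other practical failure: once your own pages move to https, every link from them is treated as unauthorized unless the https:// patterns are added.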