Creating a .htaccess file is very easy and can be done with any ASCII text editor like textpad or notepad. I´ve noticed that many people are confused about the strange filename. Well - actually this file doesn´t even have a name at all, it´s just a long file name extension - .htaccess. Hence, the DOT before "htaccess" is NOT a typo.
Using your favorite text editor, create a text file called ".htaccess" that looks like the following:
AuthName Private_Site
AuthUserFile /home/httpd/html/www.yourdomain.com/.htpasswd
AuthType Basic
<Limit GET POST>
require user username1
require user username2
require user username3
</Limit>
Let's look at each statement in this file:
AuthName. This line sets the "title" of the dialog box that pops up when the user tries to enter the password protected directory. You can type in anything that is appropriate as long as there are no spaces in the title.
AuthUserFile. This line sets the full Unix pathname to the ".htpasswd" file (which you are going to create in a few minutes). The ".htpasswd" file, remember, will contain a list of valid user names and passwords. Generally, this file is kept in your home directory, as indicated in the above example. On our server, the full Unix pathname to your home directory will be like so (substitute your domain name for "yourdomain.com"):
/home/httpd/html/www.yourdomain.com
If in the future your forget the pathname to your home directory you can always figure it out. Just telnet (see the discussion of telnet in section 6) to your home directory on the web server and issue this command from the Unix prompt:
- pwd
The "pwd" command will show you the full pathname to your home directory starting at the system's root directory. Jot down the pathname that pwd gives you and add ".htpasswd" at the end of it.
AuthType. This sets the kind of authorization you want to use. This is kind of technical. For our purposes, all you need to know is that you set this line to "Basic".
<Limit GET POST>. This HTML-ish statement sets the type of http request that will require a user ID and password when the request is used on the protected directory. GET and POST are the two methods by which an http server can provide access to a directory to an internet user. Set both GET and POST in your limit statement and you restrict both kinds of access. The words "GET" and "POST" are case sensitive - they have to be in all capital letter.
require user username1. This statement (and the next two as well) tell the web server that a "valid" user, and an associated password, is required before the directory can be accessed. For each unique user you want to have access to the directory, add a "require user" to the .htaccess file, along with the desired user name. For example, to allow user "bob" access to the directory, add this statement to the .htaccess file:
- require user bob
You will create a new user called "bob" when you create the .htpasswd file later in this tutorial.
A less tedious way to create valid users in the .htaccess file is to simply use the statement:
- require valid-user
Instead of having a separate line in .htaccess for each user, you simply use this statement, which says to the web server, "allow access to all of the valid users in the .htpasswd file".
</Limit>. This statement simply "closes" the limit statement. It works much like a closing "container" tag in HTML.
That's it. Use your FTP program to upload this file into the directory you wish to password protect.
|
|
