Mark Hensler — Sun, 19 Aug 2001 05:52:20 +0000

That worked very nicely, thanks!

mairving — Fri, 17 Aug 2001 20:45:08 +0000

Well, there would be several viable ways to do so in Apache's httpd.conf file. You could use the directive. I use the on one of my sites. It specifies some directories that are public (allow). It also specifies that the other directories that can't be accessed at all from a browser (deny).

Here are the directives for Apache. Look over the location directive.

Mark Hensler — Fri, 17 Aug 2001 16:09:05 +0000

What is the syntax for the Apache conf?

mairving — Fri, 17 Aug 2001 10:49:10 +0000

Too many problems sometimes doing it this way. Do you have shell access to the system via telnet/SSH? If so here are the steps:

Installing the .htaccess involves a few steps. The most important thing is to make sure you do not install the .htaccess file in your main web directory. If you do, everyone will be locked out of your website. Unless this is what you want to do, make sure you create the directory and are located in it before creating the file.
Step 1: See where you are. At your prompt enter the command pwd to see what directory you are in. If you already have made your new directory and are in it- go to Step 3.

Step 2: issue the command mkdir dirname where dirname is what you want to call the directory you will be protecting. Then enter the command cd dirname

Step 3: Using an editor such as vi or pico, create a file called .htaccess (lower case letters of course- with the leading period) that looks just like this:
AuthUserFile /usr/www/dirname/.htpasswd
AuthGroupFile /dev/null
AuthName "The Secret Page"
AuthType Basic

require valid-user

Step 4: Change the AuthUserFile so that the UNIX PATH matches that of your system. This is where the password file that we will create in a moment will reside.

Step 5: Change The Secret Page to be whatever title you want to have appear on the password box.

Step 6: To create the password file, issue the following command: (NOTE: you only do it this way to create a new file)
htpasswd -c .htpasswd user_name (where user_name is a name)
If you get a message like, htpasswd: not found enter the command type htpasswd. If that doesn't do the trick, try which httpd. If htpasswd is not in your path, you will have to add that directory to your path or enter the command as /what/ever/dir/htpasswd -c .htpasswd user_name

Step 7: The system will ask you to enter the password for this user. It will then ask you a second time to confirm your typing.

Step 8: Continue to add new users, but with this version of the command. The -c option is only for the initial creation of the file.
htpasswd .htpasswd new_name

That is all there is to it! If you experience any unexpected problems, or you change your mind about restricting access, just issue the command:

rm .htaccess

If you don't have shell access to your system, more than likely your your path to your password file is not correct. I am not a huge fan of htaccess myself. On a busy server, you can have some performance problems since it has to read this file constantly to verify users. It is best to add the lines to your Apache conf files. Most hosts don't really want to do this since they have to restart the server and if it doesn't work, they have to fix it.

a_gajic — Fri, 17 Aug 2001 09:12:28 +0000

I have the same problem..