HTTP Basic Authentication
Summary: You may use HTTP Basic Authentication to restrict access to your web diretories by looking up users in plain text password files.
This page has an email and my response on how to set up password protected directories on the monkeybrains server.
Read this page and these links to the Apache site to learn more:
mod_auth info
Authname info
You need two files on the server to make Basic Auth work:
.htaccess in the directory you wish to protect:
AuthUserFile /home/USERNAME/www.DOMAIN.com/docs/.htpasswd AuthGroupFile /dev/null AuthName "SoMe NaMe ..." AuthType Basic require valid-userIf you do not own a domain name, you need to set your AuthUserFile to something like this: /home/jane/public_html/.htpasswd |
.htpasswd a file containing valid username and passwords. You may name this file something other than 'passwords'. Many people call it .htpasswd
name:encrypted-password |
Subject: HTTP user authentication On Sun, 28 Jan 2001, Scott wrote: _Hi Rudy, _ _So far so good on getting my site set up. Now I want to use HTTP user _authentication to password protect files in one directory. I haven't been _able to get it to work, though, and am hoping you know what I'm doing wrong. _ _Here's my .htaccess file contents: _ _AuthUserFile /www.claremontacademy.com/docs/passwd/.htpasswd _AuthGroupFile /dev/null _AuthName Family Web _AuthType Basic _require valid-user _ _The AuthUserFile path is what shows in my FTP client (CuteFTP) but I'm not _sure that's the right path. I couldn't access Telnet except to change my _password so I couldn't check my path that way. I may not have the _permissions set up correctly, either. _ _I guess the other possibility is that this functionality is not supported on _MonkeyBrains? I hope that's not the case, and that I'm just doing something _wrong. _ _Thanks in advance for your help, _ _Scott Your actual directory path is /www/www.claremontacademy.com/docs/passwd/.htpasswd or, /home/scottmcdonald/www.claremontacademy.com/docs/passwd/.htpasswd or this relative path will work: www.claremontacademy.com/docs/passwd/.htpasswd The FTP client is chroot'd to your users home directory in a feeble attempt to secure the server against nosey users. This prevents a malicious customer from culling user names (by browsing the home directroy) for spam. You're right, this is not clear: I'll add a help page to the monkeybrains server. A better solution would be to use relative paths: passwd/.htpasswd should probably work. For more info, check out: http://httpd.apache.org/docs/mod/mod_auth.html#authuserfile Another thing is wrong with your file as well... you need quotes around the AuthName is you want to use spaces: AuthName "Family Web" would work. More info: Visit Apache.org for more info your isp, Rudy