.htaccess and .htpasswd

Today I’ve been struggling with .htaccess and .htpasswd in order to password-protect a directory on a site I’ve been working on.

I always find that when I google for help I get sites that kind of help, but not 100%, so here’s my problem and solution.

The Problem

I have an admin area that needs protecting and HTTP-authorization is the most secure; this needs .htaccess and .htpasswd files to be set up accordingly. I created .htaccess with the values:


AuthType Basic
AuthName "Authenticated Users only"
AuthUserFile /var/www/html/folder/subfolder/.htpasswd
require valid-user

Then I needed to create the .htpasswd file, and every website I found through Google told me I needed to telnet/ssh into my web account and type some commands. I don’t have the option to do that, so I had to create the .htpasswd file as a text file on my PC and then upload it via FTP. After much deliberating and googling I found a htpasswd password encryption tool. Just type in what you want as the username and password and it will convert it to unix encoding; then just copy the text into a text file, save it as .htpasswd, upload both files to your server and voila.

FTP woes

When I looked at the files on my FTP server just after uploading I could see them, but if I disconnected and reconnected just a few minutes later. However, my technician informed me:

by default unix hides files starting with a . you need to use ls -la to see them

The other quickly resolved problem revolved around the fact that by default .htaccess is disabled in Apache, but the technician re-enabled it and all was fine.

Update (17/09/2005)

It’s probably best you place the .htpasswd file somewhere away from the main site directory, e.g. somewhere a hacker can’t just type in www.yoursite.com/directory/.htpasswd and get your passwords! The example I’ve used of /var/www/html/folder/subfolder/.htpasswd shouldn’t be copied and is very insecure. A much better solution would be /var/.htpasswd.

You should also set up Apache so it doesn’t allow people to see your .htaccess or .htpasswd files.
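
The two recommendations in this update, together with the setting that enables .htaccess, as an added example that is not part of the original post. Apache 2.4 syntax is assumed, and the paths are the ones used in the post.

```apache
# --- Server configuration (httpd.conf or a virtual host file), not .htaccess ---
# Assumption: Apache 2.4 directive syntax.

# Let .htaccess files under the protected directory set authentication
# directives only, rather than enabling every override.
<Directory "/var/www/html/folder/subfolder">
    AllowOverride AuthConfig
</Directory>

# Refuse to serve any file whose name starts with ".ht"
# (.htaccess, .htpasswd), wherever it sits under the site.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
# On Apache 2.2 and earlier, the equivalent inside the FilesMatch block is:
#   Order allow,deny
#   Deny from all

# --- /var/www/html/folder/subfolder/.htaccess ---
# Weak: the password file lives inside the web root, so it is only as
# safe as the FilesMatch rule above.
#   AuthUserFile /var/www/html/folder/subfolder/.htpasswd
# Better: the password file lives outside any directory Apache serves.
AuthType Basic
AuthName "Authenticated Users only"
AuthUserFile /var/.htpasswd
Require valid-user
```

The password file has to be readable by the account Apache runs as, and requesting /directory/.htpasswd in a browser should now return 403 Forbidden.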
