These instructions will guide you though setting up web-based user authentication using .htaccess with a Smartnet UNIX Web Hosting Account. These instructions should not be used for MS FrontPage web hosting accounts. To setup web-based user authentication with .htaccess, you will need the following:
Below is an example of a standard .htaccess file:
| <Files ".ht*"> order deny,allow deny from all </Files> AuthUserFile /home/username/www/controlled/.htpasswd AuthName "Authorized Users Only" AuthType Basic <Limit GET> require valid-user </Limit> |
The .htaccess file will control access to all files and directories in which it is placed. For example, if you create the .htaccess file in your /www directory, your entire web site will be password protected. Likewise, if you create the .htaccess file in /www/private only those files and directories within the /private directory will be protected. The following instructions assume that the directory you want to protect already exists. If not, please create the directory before proceeding.
Create the .htaccess file
Telnet to your Smartnet web hosting account. Using a text editor such as pico, create a file called .htaccess in the directory that you want to protect. For example:
To change to the /private directory, type: cd /www/private
To create the .htaccess file, type: pico .htaccess
Copy and Paste the information from the example above to your newly create .htaccess file.
Modify the .htaccess file
There are two lines that should be customized to your specific requirements.
AuthUserFile:
This line tells the webserver where your list of authorized users can be found, which you will create shortly. Modify the AuthUserFile line to correctly identify the path where you plan to keep this file.
AuthName:
The AuthName is used to describe the realm, such as "Authorized Users Only" or "Private Pages". Type the AuthName that best fits your situation.
After completing the modifications, exit the .htaccess file and save your changes.
Set the .htaccess permissions
Before your .htaccess file will work, you will need to change the permissions on the file to 755 by typing the following from the command line in the directory where your htaccess file is located:
chmod 755 .htaccess
Create the list of authorized users
Change to the directory that you specified in the AuthUserFile line of the .htaccess file. For the first user that you want to add, you will need to run the following command (replace username1 with the actual username):
htpasswd -c .htpasswd username1
The -c flag tells the system to create a NEW .htpasswd file. This flag should only be used ONCE when creating the initial .htpasswd file. After creating the first user, finish adding all other users without the -c flag. For example:
htpasswd .htpasswd username2
Modifying the list of authorized users
Password Changes:
Simply re-add the user by running the htpasswd command. For example:
htpasswd .htpasswd username2
Delete a User:
To delete a user, you will have to remove them directly from the .htpasswd file. To do this, edit the file with a text editor such as pico and remove the entire line containing their username. To remove the user bob using the following example, you would remove the entire line that reads "bob:x4DtaLTqsElC2".
username:v3l0KWx6v8mQM
bob:x4DtaLTqsElC2
When deleting a user from .htpasswd, be sure not to leave any blank lines.
You have now completed the setup process for .htaccess! Please feel free to try out the example below.
Here is the example. The name is testing and the password is 123.
The .htaccess file looks like this:
<Files ".ht*">
order deny,allow
deny from all
</Files>
AuthUserFile /usr/local/etc/httpd/htdocs/references/how-to/testing/.htpasswd
AuthName For Testing Purposes Only!
AuthType Basic
<Limit GET>
require valid-user
</Limit>
Technical Support: support@smart.net
Billing: billing@smart.net
Webmaster: webmaster@smart.net