How-to Password Protect Your Web Space
Computing Resources >> Tutorials >> Web Development >> How-to Password Protect Your Web Space 


Create Username and Password

Protecting Individual Files

Evaluate this tutorial

Protecting Directories

    Now that you have created your file of users and passwords, move into your public_html directory with the command:

    cd public_html

    Now we need to create a file called .htaccess that the web server looks at for special instructions. Before we do that, however, we need one piece of information: the full path name of the file we created in step 1. The easiest way to do this is to type:

      echo $HOME

    This command will return something that looks like /export/home/u98/login, where login is your user name. The full path of the file we created in step 1 is going to be the result of that command with the name of the file tacked onto the end. It can be easy to forget, so you might want to write it down. In the end, it should look something like, /export/home/u98/joeblow/htusers.

    Now, using a text editor, create a file called .htaccess (yes, there is a period in front of that). For pico users, you can type:
      pico .htaccess

    This will put you into a blank pico editing screen. Now you want to add several entries to your file. Each of these entries consists of a directive followed by a value. These are like attribute/value pairs in HTML. First, you want to give the area you're protecting a name. To do this we use a directive called AuthName, so our first line might look like:
      AuthName "My Web Stuff"

    Next, we need to specify what type of authentication we are using, and where the file is located. This is where we need the line from above. So, the next two lines would look like:
      AuthType Basic
      AuthUserFile /export/home/u98/joeblow/htusers

    Finally, we tell the server what is required for someone to have access to this area of our web space. So we add a final line that says:

      require valid-user

    This says that any user listed in the htusers file that provides a valid password will be allowed in. So, all told, our .htaccess file should look something like:

      AuthName "My Web Stuff"
      AuthType Basic
      AuthUserFile /export/home/u98/joeblow/htusers
      require valid-user

    Now, save your file and exit the text editor. In pico, Ctrl-X will do this. Finally, once you're back at the prompt, type:
      chmod 644 .htaccess

    This makes sure the web server can read your .htaccess file.

    The setup above will password protect every file in your html directory, as well as any files in subdirectories. If that's exactly what you want, you can stop here, but often people are interested in limiting access only to certain files or certain subdirectories. By changing the location of the .htaccess file and/or the contents of the file, you can create more intricate configurations.

    For instance, if you wanted to protect only a subdirectory of your site, while leaving the rest open, you can simply move the .htaccess file into the subdirectory. So, if you had a subdirectory called classwork, where you posted assignments for a professor's eyes only, you could issue the command:

      mv .htaccess classwork

    (Alternately, you could have created your .htaccess file (as in step 2) in that subdirectory instead of your public_html directory.)

    Again, this will protect all the files in that subdirectory, as well as any subdirectories below that one (sub-subdirectories?). If you have more than one first-level subdirectory that you wish to protect, you will need to create a separate .htaccess file for that subdirectory. Just remember, the directives specified in any .htaccess file are applied not only to the directory in which it resides, but all those below it as well.

    next section >

Watch the video

choose format/speed
dial-up | broadband
dial-up | broadband
dial-up | broadband

© 2003 Shane Williams| iSchool | UT Austin | webmaster