The .htaccess fileComplete documentation of this and similar directives can be found on the Apache documentation website at http://www.apache.org/docs/mod/directives.html. Note that not *all* of these directives are user-configurable at Illuminati Online.
To password protect access to your site or to a specific directory, the first thing you will need to create is a file named .htaccess and place it in the directory that you want to protect, containing specific information something like this:
You can also specify individual usernames from your .htpasswd file such as:
You can have as many usernames as you wish. Be sure to place the message after the AuthName in quotations or you will get a Server Error.
For instance, if your login name is dozer, and your .htpasswd file resides in your home directory, the first line might be:
If you are creating your .htaccess file for a virtual domain, it might use a path more like:
NOTE: do NOT place the "www" portion of your domain name in the above example. If your domain name is say www.abc.com, then you would use:
The .htpasswd fileThe next step is the creation of the .htpasswd file. This file contains a list of the usernames and passwords.
There is no
between usernames and passwords on specific Unix systems (e.g. in an
In simple terms this means that you can use whatever usernames and passwords you want, for anyone since there is absolutely no connection between the .ht passwd file's usernames and password and Unix logins or accounts. (From NCSA's User Authentication Tutorial)
The .htpasswd file can be placed anywhere under your home directory but you may find it easier to keep it in the same location as your .htaccess file.
To create the .htpasswd file, use the htpasswd command with the following format from your Unix prompt after telnetting into the server, log ging in, and then going to the correct working directory::
This command line will prompt you for a password for that username. The password that you type will not be echoed onto the screen, but it will ask you f or confirmation (by having you re-type it) and it will be immediately encrypted.The output from this command is a .htpasswd file with an entry with the form:
The -c option creates a new passwd file instead of editing an old one. So only use the -c option the first time the htpasswd command is used for a given directory.
Finally, make sure that read permissions for this file are set for everyone (ie. owner, group, and other).For more detailed information, check out the Apache Docs.
If you want to maintain separate password lists for different directories, then you need .htpasswd files in different directories. To create these, follow the above instructions for each directory you want to protect.
NOTE: Using passwords does not ensure security. You should not use this method to send sensitive information, such as credit card numbers. This method is meant only to prevent casual users from viewing your pages, not to prevent dedicated snoops from accessing confidential data. Illuminati Online assumes no responsibility for the security of password-protected pages.