Use htaccess on your site

From Daily Data


htaccess is a way of modifying how the web server works. This document describes how to protect one or more directories (folders) in your website by requiring a username and password to access the information in the directory. You can even protect the main directory, in which case your whole site is password protected. Note that htaccess is not a strong security device. There are hacks that can bypass it. Do not rely on it as your only protection for sensitive information.

First, change the following where appropriate. Do not simply copy/paste, as this is a public document. Changing your values will help you to not get hacked.

Calculate your password hashes. One way to do it is to point your browser to http://client.dailydata.net/common-cgi/htpasswd.cgi, which is a script we found that will calculate hashes for you. Enter a username and password, then copy the line that is shown into a file. Do this for all users and passwords you want to have access to the directory. When done, you might have a file that looks like this:

joe:anvOvgDqJMuzo
jane:HeWn0ebEPmKQI
sis:29l8w5iethIg6
bubba:4EWQbng8Js/SM

Do not use the above values. They are simple, easy-to-guess values: user "joe" with password "joe", user "jane" with password "jane", and so on. Create your own username/password list.

Save this file under some arbitrary name. The name .htpasswd is not allowed, so call it something else. FTP the file to the root of your web site: not into the web/ directory, but into the directory above it. Set its permissions to 644. This weakens security even more, but 644 (rw-r--r--) is sufficient. For more security, contact us and we will create that file for you with better security (which cannot be done from an FTP client).

Now, inside the directory you want to protect, create a file named .htaccess (yes, that has a period in front of it) with the following contents.

AuthName "some title"
AuthUserFile /home/www/your.web.site/whatever you called the file
AuthType basic
Require valid-user

Replace the italicized values with the correct ones. Save this file to your website with permissions 664 also (or have us set the permissions even better).

Now, test access to your website. You should be blocked unless you put in the correct username and password.
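Before relying on the result, it is worth checking what the password file actually contains and where it sits. The following Python script is an added example, not part of the original page or Daily Data's tooling: it classifies each entry by hash scheme and checks the file's location and mode. The sample entries above have the 13-character form of traditional crypt() hashes, which only use the first 8 characters of a password and which Apache's own documentation calls insecure. The function names and the docroot argument are hypothetical.

```python
import os
import stat
import string

# Constructed sample: the four example entries shown on this page.
SAMPLE = "joe:anvOvgDqJMuzo\njane:HeWn0ebEPmKQI\nsis:29l8w5iethIg6\nbubba:4EWQbng8Js/SM\n"

# Well-known prefixes that identify the hash scheme of an entry.
PREFIXES = [("$2y$", "bcrypt"), ("$2a$", "bcrypt"), ("$2b$", "bcrypt"),
            ("$apr1$", "apr1-md5"), ("{SHA}", "sha1-unsalted"),
            ("$5$", "sha256-crypt"), ("$6$", "sha512-crypt")]
WEAK = {"des-crypt", "sha1-unsalted"}
CRYPT_CHARS = set(string.ascii_letters + string.digits + "./")

def classify(hashed):
    """Name the hash scheme of one password field."""
    for prefix, name in PREFIXES:
        if hashed.startswith(prefix):
            return name
    # Traditional crypt(): 2 salt characters + 11 hash characters, no prefix.
    if len(hashed) == 13 and set(hashed) <= CRYPT_CHARS:
        return "des-crypt"
    return "unknown"

def audit_entries(text):
    """Return (user, scheme, is_weak) for every user:hash line in text."""
    results = []
    for line in text.splitlines():
        user, sep, hashed = line.strip().partition(":")
        if sep and user:
            scheme = classify(hashed)
            results.append((user, scheme, scheme in WEAK))
    return results

def audit_file(path, docroot):
    """Report whether the password file is web-reachable or world-readable."""
    findings = []
    real, root = os.path.realpath(path), os.path.realpath(docroot)
    if os.path.commonpath([real, root]) == root:
        findings.append("inside document root")
    if os.stat(real).st_mode & stat.S_IROTH:
        findings.append("world-readable")
    return findings

if __name__ == "__main__":
    for user, scheme, weak in audit_entries(SAMPLE):
        print(f"{user}: {scheme}{' (weak)' if weak else ''}")
```

A file saved with mode 644 as described above will be reported as world-readable, which is the weakening the page itself points out.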

Note: Daily Data is happy to set this up for you. Please contact us if you would like us to set up directory protection on your website.
