If your web server is Apache, you'll need these three (3) files to password-protect a directory within your web space:
.htaccess
.htgroup
.htpasswd
- .htaccess governs 'groups' permitted to access your protected directory. We define groups in the next step.
- .htaccess must reside in the directory it is meant to protect. It will also recursively protect sub-directories beneath it.
- Sample Syntax:
AuthUserFile /home/csdue/username/public_html/.htpasswd
AuthGroupFile /home/csdue/username/public_html/.htgroup
AuthName My_Secure_Site
AuthType Basic
# Applies to every HTTP method; inside <Limit GET> the rule would cover only GET and HEAD.
require group AuthList
- .htgroup maps authorized groups to authorized userids.
- .htgroup doesn't necessarily need to reside in the protected directory.
- Sample Syntax:
AuthList: userid1
AthList: userid2
AuthList: userid3
AuthList: userid4
Q. Which unfortunate user won't be able to access your protected directory?
A. userid2, because AuthList is misspelled.
- .htpasswd maps userids to their encrypted passwords.
- .htpasswd doesn't necessarily need to reside in the protected directory.
- Generate your users' encrypted passwords using one of these methods:
- Sample Syntax:
userid1:75xH6Jc77a2q.
userid2:38QjQ3AYnER1o
userid3:408yip4igdEEM
userid4:15g1Xp9dfoJC6
- Although various permission schemes will work, only you need both read and write access to your authorization files:
~/public_html% chmod 644 .ht*
- Your .ht* files should be readable by the account that owns your system's httpd process, so that httpd can read them.
- http://httpd.apache.org/docs/2.2/howto/auth.html
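The misspelled-group question above can be checked mechanically before a user reports being locked out. The following Python is an added example, not part of the original page or of Apache: it cross-checks the `require group` line, the .htgroup entries and the .htpasswd userids from the samples above. The .htaccess is trimmed to the lines the check reads, and the function names are illustrative.

```python
import re

# Sample files from this page (.htaccess trimmed to the lines the check reads).
HTACCESS = "AuthType Basic\nrequire group AuthList\n"
HTGROUP = """AuthList: userid1
AthList: userid2
AuthList: userid3
AuthList: userid4
"""
HTPASSWD = """userid1:75xH6Jc77a2q.
userid2:38QjQ3AYnER1o
userid3:408yip4igdEEM
userid4:15g1Xp9dfoJC6
"""

def _entries(text):
    """Yield (name, rest) for each 'name:rest' line, skipping blanks and # comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            name, rest = line.split(":", 1)
            yield name.strip(), rest

def parse_htgroup(text):
    """Map group -> set of userids; a group may be spread over several lines."""
    groups = {}
    for name, members in _entries(text):
        groups.setdefault(name, set()).update(members.split())
    return groups

def required_groups(htaccess):
    """Collect group names from every 'require group ...' line (case-insensitive)."""
    found = re.findall(r"^\s*require\s+group\s+(.+)$", htaccess, re.I | re.M)
    return {g for line in found for g in line.split()}

def audit(htaccess, htgroup, htpasswd):
    """Cross-check the three files and report names that do not line up."""
    required, groups = required_groups(htaccess), parse_htgroup(htgroup)
    have_password = {name for name, _ in _entries(htpasswd)}
    admitted = set().union(*(groups.get(g, set()) for g in required))
    return {
        "undefined_groups": sorted(required - groups.keys()),
        "unreferenced_groups": sorted(groups.keys() - required),
        "members_without_password": sorted(admitted - have_password),
        "locked_out_users": sorted(have_password - admitted),
    }

if __name__ == "__main__":
    print(audit(HTACCESS, HTGROUP, HTPASSWD))
```

On the page's samples this reports `AthList` as a group that no `require` line references and `userid2` as a user with a password entry but no membership in a required group.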