W3U Customer Support

Restricting Access to Files and Directories with HTAccess
(for Unix only)

This tutorial covers Basic user authentication using HTAccess. Authentication denies web access to files, unless the visitor has a valid username and password. This feature allows webmasters, like yourself, to restrict access to certain directories. The usernames and encrypted passwords are kept in a webmaster-maintained file.

You will need the following basic skills:

  • An ability to Telnet into your Unix domain.
  • A very basic working knowledge of the Unix shell commands (cd, mkdir, etc.)

Let's suppose you want to restrict files in a directory called turkey to username pumpkin and password pie. Here's what you do:

With any text editor (e.g. notepad), create a file called .htaccess. The file should look like the following for your W3U Platinum hosting account:

AuthUserFile /mnt/web/guide/w3u/turkey/.htpasswd
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic

<Limit GET>
require user pumpkin
</Limit>

Or, your .htaccess file should look like the following for your W3U Classic or Premium hosting account:

# Access file 
order allow,deny 
allow from all 
require valid-user 
AuthName "Turkey" 
AuthPAM_Enabled off 
AuthType Basic 
AuthUserFile /home/sites/site#/web/turkey/.htpasswd

FTP your new .htaccess file to the directory turkey on your server.

In the above .htaccess file,
AuthUserFile gives the location of the password file. In this case, we named the password file .htpasswd. AuthUserFile must specify the full Unix pathname of the password file. For my server the full path is /mnt/web/guide/w3u/turkey/.htpasswd. For this example, I chose to place both the .htpasswd and the .htaccess files in the same directory. Note that the password file can be in another directory. Also, note that the full Unix path can, and likely will, vary from server to server. You can find your directory path by typing 'pwd' at the telnet command line (omit the quotes).

AuthGroupFile: In this case there is no group file, so we specify /dev/null (the standard Unix way to say "this file doesn't exist").

AuthName can be anything you want. The AuthName field gives the Realm name for which the protection is provided. This name is usually given when a browser prompts for a password (i.e. the Authentication Dialog Box pops up). It is also usually used by a browser in correlation with the URL to save the password information you enter so that it can authenticate automatically on the next attempt to enter the restricted directory. Note: You should set this to something, otherwise it will default to ByPassword, which is both non-descriptive and too common.

AuthType should be set to Basic, since we are using Basic HTTP Authentication. Other possibilities for NCSA HTTPd 1.5 are PEM, PGP, KerberosV4, KerberosV5, or Digest. A discussion of these types of authentication can be found in the tutorials at hoohoo.

Next, create the password file, which in this case is .htpasswd.

The easiest way to do this is to use the htpasswd program distributed with NCSA HTTPd.

To do this, telnet into the server, and change to the turkey directory. At the command line, type:
htpasswd -c /mnt/web/guide/w3u/turkey/.htpasswd pumpkin

The format of the htpasswd command used to create the password file is:
htpasswd -c FilePath/filename UserName

Next, type the password, which in this example is pie, and press the Enter key. You will be prompted to enter the password again.

If you view the resulting .htpasswd file, it should look like this:


pumpkin:y1ia3tjWkhCK2

Important Note: be sure that the file path and the filename are the same in both the .htaccess file that you create and the htpasswd command that creates the password file.

That's it. Any files that you place in your turkey directory now require Basic Authentication to access. For a demo, you can access this tutorial in a directory that I have protected with this authentication scheme. Just click here. When you try to access this directory, your browser should demand a username and password. Enter pumpkin in the username field, and pie in the password field. If you are using a browser that doesn't handle authentication, you will not be able to access the document at all.

Note, also, that the .htaccess file restricts access to any subdirectory of the directory in which the .htaccess file resides. Hence, any visitor requesting ~/turkey/nextdirectory would be presented with an authentication request, unless ~/turkey/nextdirectory had a .htaccess file of its own.

Note that to add more users in the future, use the htpasswd program again but without the -c switch. For example, htpasswd filepath/filename bob will add username "bob" to your .htpasswd file.

To delete users, open the .htpasswd file in a text editor and delete the appropriate lines.
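
An added example, not part of the original W3U tutorial: a small Python checker that reads an .htaccess and .htpasswd pair like the ones above and reports the points this page raises (full pathname, a password entry for each required user, the ByPassword realm), plus three properties of the sample worth reviewing: the require line sits inside <Limit GET>, the password file lives in the protected directory, and the entry is a traditional crypt() hash. The function name audit_htaccess and the finding labels are hypothetical.

```python
import re

# The Platinum-account .htaccess and the .htpasswd entry shown on this page.
PAGE_HTACCESS = """AuthUserFile /mnt/web/guide/w3u/turkey/.htpasswd
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic
<Limit GET>
require user pumpkin
</Limit>"""
PAGE_HTPASSWD = "pumpkin:y1ia3tjWkhCK2\n"
PAGE_DIR = "/mnt/web/guide/w3u/turkey"

def audit_htaccess(htaccess, protected_dir, htpasswd):
    """Return short findings for a Basic-auth .htaccess and its password file."""
    findings, directives, users = [], {}, []
    for line in (l.strip() for l in htaccess.splitlines()):
        limit = re.match(r"<Limit\s+([^>]+)>", line, re.I)
        if limit:  # 'require' inside <Limit> is enforced only for these methods
            findings.append("limit: require applies only to " + limit.group(1).upper())
        if not line or line[0] in "#<":
            continue
        name, _, arg = line.partition(" ")
        directives[name.lower()] = arg.strip().strip('"')
        if name.lower() == "require" and arg.lower().startswith("user "):
            users += arg.split()[1:]
    pwfile = directives.get("authuserfile", "")
    if not pwfile.startswith("/"):
        findings.append("path: AuthUserFile is not a full Unix pathname")
    elif pwfile.startswith(protected_dir.rstrip("/") + "/"):
        findings.append("location: password file is inside the protected directory")
    if directives.get("authname", "ByPassword") == "ByPassword":
        findings.append("realm: AuthName is the non-descriptive ByPassword")
    if directives.get("authtype", "").lower() != "basic":
        findings.append("type: AuthType is not Basic")
    entries = dict(l.split(":", 1) for l in htpasswd.split() if ":" in l)
    for user in users:
        if user not in entries:
            findings.append("user: %s is required but has no password entry" % user)
    for user, pw_hash in entries.items():
        # 13 characters with no "$" prefix is the traditional crypt() format,
        # which only uses the first 8 characters of the password.
        if len(pw_hash) == 13 and not pw_hash.startswith("$"):
            findings.append("hash: %s has a traditional crypt() hash" % user)
    return findings

if __name__ == "__main__":
    for finding in audit_htaccess(PAGE_HTACCESS, PAGE_DIR, PAGE_HTPASSWD):
        print(finding)
```

Run against the page's own sample, it reports the limit, location, realm and hash findings; a file with no <Limit> section, a password file outside the protected directory and a descriptive AuthName produces none of the first three.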

http://www.w3u.com/