WkWyW.net Restrict Access Info

HTTP Basic Authentication

You can restrict access to sections of your web page in many ways. Perhaps the easiest is to use HTTP Basic Authentication. This technique instructs the server to challenge a visitor to any defined portion of your site: the visitor will have to provide a username and a password before being allowed to view files in that section. To set up this security feature you need to put a file called ".htaccess" in the directory you wish to protect. Any files in this directory, or in any directory contained within it, will then be protected by the username/password challenge.

Please note that HTTP Basic Authentication is only really suitable for small numbers of users. If you wish to control access for large numbers of users or need finer-grained control (for example, on a page-by-page basis rather than a folder-by-folder basis), this is not the best solution; contact support for more information.

htaccess

The .htaccess file needs to contain information such as this:

AuthType Basic
AuthName "Administration Section"
AuthUserFile /home/domainName.com/.htpasswd
AuthGroupFile /home/domainName.com/.htgroup
Require group admins

AuthType Basic describes the type of authentication we're using. In this case, it's Basic (as in HTTP Basic Authentication).

AuthName "Administration Section" This directive sets the name of the authorization realm for a directory. This realm is given to the client so that the user knows which username and password to send. AuthName takes a single argument; if the realm name contains spaces, it must be enclosed in quotation marks.

AuthUserFile /home/domainName.com/.htpasswd instructs the server to look in the file .htpasswd in your home directory for the passwords assigned to users. Note that it is important that the password file is stored in a different directory from the one being protected; the reason is explained later.

AuthGroupFile /home/domainName.com/.htgroup Access to sections of the site is managed on a group-by-group basis. This line tells the server where to find the group file, which defines which users are members of a particular group.

Require group admins Tells the server that only people in the admins group can access these pages.

Having set up the .htaccess file you need to create the two files ".htpasswd" and ".htgroup".

.htgroup

In order to define the usernames that are associated with each group we need to create a file called .htgroup in the directory identified in the .htaccess file. This file needs to contain a line for each group to be defined. Each line looks like this:

admins: john jane anna

.htpasswd

This file should be stored in a place where it cannot be retrieved by just anyone. Therefore it should not be in your web space. In the example above we suggest storing both files in your home directory root folder (/home/domainName.com; replace domainName.com with your own domain name), although they can be in any directory you have write access to.

To create the .htpasswd file you need to run the following command (you will need to telnet into your account in order to run this command).

htpasswd -c /home/domainName.com/.htpasswd john

The -c in this command creates the file. You will then be asked for the password and asked to confirm it.

Subsequent passwords are entered in the same way (but without the -c):

htpasswd /home/domainName.com/.htpasswd jane
htpasswd /home/domainName.com/.htpasswd anna

That's it, you're done.
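
A consistency check for the three files described above, as an added example that is not part of the original page: it confirms that the group named in Require group exists in the group file, that every member has a password entry, and that neither file sits inside the web space. The function name check_htaccess, the demo data and the public_html web-space path are assumptions made for illustration.

```shell
#!/bin/sh
# check_htaccess HTACCESS [DOCROOT]: print one line per problem found and
# return the number of problems. Assumes unquoted paths without spaces.
check_htaccess() {
    htaccess=$1; docroot=${2:-}; problems=0
    userfile=$(awk '$1 == "AuthUserFile" { print $2 }' "$htaccess")
    groupfile=$(awk '$1 == "AuthGroupFile" { print $2 }' "$htaccess")
    required=$(awk '$1 == "Require" && $2 == "group" { for (i = 3; i <= NF; i++) print $i }' "$htaccess")
    for f in "$userfile" "$groupfile"; do
        if [ ! -r "$f" ]; then
            echo "missing or unreadable: $f"; problems=$((problems + 1))
        fi
        # The password and group files must stay outside the web space.
        if [ -n "$docroot" ]; then
            case "$f" in "$docroot"/*)
                echo "inside web space: $f"; problems=$((problems + 1)) ;;
            esac
        fi
    done
    for g in $required; do
        # Group file lines look like "admins: john jane anna".
        members=$(awk -F: -v g="$g" '$1 == g { print $2 }' "$groupfile" 2>/dev/null) || members=""
        if [ -z "$members" ]; then
            echo "group '$g' is not defined in $groupfile"; problems=$((problems + 1))
            continue
        fi
        for u in $members; do
            # Password file lines start with "username:".
            if ! awk -F: -v u="$u" '$1 == u { ok = 1 } END { exit !ok }' "$userfile" 2>/dev/null; then
                echo "user '$u' in group '$g' has no entry in $userfile"; problems=$((problems + 1))
            fi
        done
    done
    return "$problems"
}

# Constructed sample: anna is in the admins group but has no password entry.
demo() {
    d=$(mktemp -d)
    printf 'john:constructed-hash\njane:constructed-hash\n' > "$d/.htpasswd"
    printf 'admins: john jane anna\n' > "$d/.htgroup"
    printf 'AuthType Basic\nAuthUserFile %s\nAuthGroupFile %s\nRequire group admins\n' \
        "$d/.htpasswd" "$d/.htgroup" > "$d/.htaccess"
    rc=0; check_htaccess "$d/.htaccess" "$d/public_html" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "problems found: $?"
```

Run it against a real .htaccess as check_htaccess /path/to/.htaccess /path/to/webspace; no output and a zero exit status mean the three files agree.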