Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Password protection
- Thread starter MDEdwards
- Start date
Hi mate,
You are full of questions!! LOL
You can protect directories with htaccess..
I am not going to go into this just now as it is 3:30am and I need my sleep..
If you take a look through this forum then you will find loads of posts about htaccess..
If you have an problems, just ask and if nobody else answers first, I will help you tommorow..
Hope this helps Wullie
You are full of questions!! LOL
You can protect directories with htaccess..
I am not going to go into this just now as it is 3:30am and I need my sleep..
If you take a look through this forum then you will find loads of posts about htaccess..
If you have an problems, just ask and if nobody else answers first, I will help you tommorow..
Hope this helps Wullie
- Thread starter
- #3
You need to use basic HTTP authentication, which is handled by the mod_auth.
The first thing to do is create a user file with htpasswd that contains usernames and their associated passwords. htpasswd lives in the /bin directory of your Apache installation:
htpasswd -c /usr/local/apache/auth/userfile smith
This will create a new file, userfile, with one user called smith. You'll be prompted for a password which is encrypted and written to the file.
Additional users are added by omitting the -c (creation) argument:
htpasswd /usr/local/apache/auth/userfile bloggs
If you want to batch users together, use the -b argument:
htpasswd -b /usr/local/apache/auth/userfile smith bloggs
Now you need to enable authorisation by creating a .htaccess file in the directory to be protected (remember to set AllowOverride All in httpd.conf). The file must contain:
AuthName "mod_auth Realm"
AuthType Basic
AuthUserFile /usr/local/apache/auth/userfile
require user smith bloggs jones
AuthName defines the authorisation realm, AuthType specifies the type (currently only Basic and Digest), AuthUserFile is the file created earlier and require user specifies the list of users who are permitted access. NB Even if a user is listed in the AuthUserFile, if he is not in the require user line, his request will be rejected.
You could also create a group file to avoid specifying a long list of users. A plain text file, it would look like:
admins: smith bloggs
users: jones bloggs
associates: evans
It's specified in .htaccess as:
AuthName "mod_auth Realm"
AuthType Basic
AuthUserFile /usr/local/apache/auth/userfile
AuthGroupFile /usr/local/apache/auth/groupfile
require group admins users
In this case, only evans is not allowed access.
Incidently, if you want a more informative error page for HTTP response code 401 (Authorisation Required), you can override it in httpd.conf with
ErrorDocument 401 /401.html
Deliberately generate the standard error page, then copy the source code to a document that you can edit. Then for the above example to work, save it in the DocumentRoot. You can also use this directive in the .htaccess file to create directory-specific messages. ------------------------------------------------------------------
It's important to think. It's what separates us from lentils.
The first thing to do is create a user file with htpasswd that contains usernames and their associated passwords. htpasswd lives in the /bin directory of your Apache installation:
htpasswd -c /usr/local/apache/auth/userfile smith
This will create a new file, userfile, with one user called smith. You'll be prompted for a password which is encrypted and written to the file.
Additional users are added by omitting the -c (creation) argument:
htpasswd /usr/local/apache/auth/userfile bloggs
If you want to batch users together, use the -b argument:
htpasswd -b /usr/local/apache/auth/userfile smith bloggs
Now you need to enable authorisation by creating a .htaccess file in the directory to be protected (remember to set AllowOverride All in httpd.conf). The file must contain:
AuthName "mod_auth Realm"
AuthType Basic
AuthUserFile /usr/local/apache/auth/userfile
require user smith bloggs jones
AuthName defines the authorisation realm, AuthType specifies the type (currently only Basic and Digest), AuthUserFile is the file created earlier and require user specifies the list of users who are permitted access. NB Even if a user is listed in the AuthUserFile, if he is not in the require user line, his request will be rejected.
You could also create a group file to avoid specifying a long list of users. A plain text file, it would look like:
admins: smith bloggs
users: jones bloggs
associates: evans
It's specified in .htaccess as:
AuthName "mod_auth Realm"
AuthType Basic
AuthUserFile /usr/local/apache/auth/userfile
AuthGroupFile /usr/local/apache/auth/groupfile
require group admins users
In this case, only evans is not allowed access.
Incidently, if you want a more informative error page for HTTP response code 401 (Authorisation Required), you can override it in httpd.conf with
ErrorDocument 401 /401.html
Deliberately generate the standard error page, then copy the source code to a document that you can edit. Then for the above example to work, save it in the DocumentRoot. You can also use this directive in the .htaccess file to create directory-specific messages. ------------------------------------------------------------------
It's important to think. It's what separates us from lentils.
Deliberately generate the standard error page, then copy the source code to a document that you can edit.
Doing it that way does not allow you to pass info on to the error page.. You are better off using a script to catch the errors which will pass info onto the page in question..
Hope this helps Wullie
Doing it that way does not allow you to pass info on to the error page.. You are better off using a script to catch the errors which will pass info onto the page in question..
Hope this helps Wullie
I don't want to pass info to the error page. It is simply so you can write a more informative error message for your users, perhaps including some navigation features and contact details of the administrator. ------------------------------------------------------------------
It's important to think. It's what separates us from lentils.
It's important to think. It's what separates us from lentils.
Using a script to catch the errors you can pass on info to the page such as:
1)The URL that the user tried to access
2)The referal page.
If you take a look at the following link you will see what I mean..
Hope this helps Wullie
1)The URL that the user tried to access
2)The referal page.
If you take a look at the following link you will see what I mean..
Hope this helps Wullie
- Status
Similar threads
- Locked
- Question