Web Page Password Tutorial - Authentication Basics
After you finish this tutorial, you will be able to protect areas of your website using .htpasswd and .htaccess files.
This tutorial covers web-based user authentication using .htaccess. Web-based authentication denies web access to visitors who do not give a valid username and password. This feature allows webmasters to restrict access to certain directories. The usernames and hashed passwords are kept in a webmaster-maintained file.
You will need the following basic skills:
- Ability to ssh and log in to your virtual domain
- Ability to use a text editor (such as vi or pico)
- Working knowledge of paths and basic filesystem navigation (cd, mkdir, etc.)
Remember: Read through all steps to minimize errors.
Here we go!
The following is an example use of the .htaccess file. Let's assume that it resides at /home/username/public_html/somedir/.htaccess
AuthUserFile /home/username/public_html/somedir/.htpasswd
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic
require user username1
require user username2
- The .htaccess file affects the directory in which it is placed, so in this example, any visitor requesting http://www.engr.arizona.edu/~username/somedir would be presented with an authentication request.
- The .htaccess file also affects directories recursively below it. Therefore, requesting http://www.engr.arizona.edu/~username/somedir/subdir would yield the same authentication request unless ~username/somedir/subdir had a .htaccess file of its own.
The first line, starting with AuthUserFile, tells the web server where to find your username/password file. We'll create that file in a minute. For now, change the AuthUserFile line as necessary for your use.
Notice that the AuthName value ("ByPassword" in the example) is shown to the visitor in the authentication request.
Using your favorite text editor, create a file similar to the example, changing the AuthUserFile and AuthName values for your specific page. Be sure to name the file .htaccess.
Also, the usernames in this file should not be username1 and username2. Please replace these with valid usernames you want for your pages. You may also add more of these lines as needed.
Now that we understand the basic .htaccess model, how can we specify who is allowed? We'll create the .htpasswd file named in the AuthUserFile line above.
To create an .htpasswd file, go to the directory that holds the file you specified in AuthUserFile. In the example, the file is /home/username/public_html/somedir/.htpasswd. Now type the following line at a Unix prompt, replacing 'username' with your desired username (leave the colon) and 'password' with the desired password.
perl -e 'print "username:"; print crypt("password","SA"); print "\n";'
Then, using that favorite text editor, copy the entire returned line into a file called .htpasswd. (NOTE: You can add more than one user to the .htpasswd file.)
Your .htpasswd file should now look something like this:
webmaster:v3l0KWx6v8mQM
bob:x4DtaLTqsElC2
secretuser:SAovjxi48tFHg
Save the file and exit your text editor. All that is left is to change the permissions to world readable by typing the following commands (while in the directory containing the ".ht" files):
chmod 704 .ht*
Next, type the following lines at the Unix prompt:
chmod 755 /home/username/public_html/somedir
chmod 755 /home/username/public_html/somedir/.*
chmod 755 /home/username/public_html/somedir/*
That should do it! If you have any trouble, please open a support ticket with us at https://support.engr.arizona.edu