Protecting Directories
Now that you have created your file of users and passwords, move into
your public_html directory with the command:
cd public_html
Now we need to create a file called .htaccess that the web server looks
at for special instructions. Before we do that, however, we need one
piece of information: the full path name of the file we created in step
1. The easiest way to do this is to type:
echo $HOME
This command will return something that looks like
/export/home/u98/login,
where login is your user name. The full path of the file we created in
step 1 is going to be the result of that command with the name of the
file tacked onto the end. It can be easy to forget, so you might want
to write it down. In the end, it should look something like, /export/home/u98/joeblow/htusers.Now, using a text editor, create a file called .htaccess (yes, there is a period in front of that). For pico users, you can type:
pico .htaccess
This will put you into a blank pico editing screen. Now you want to add several entries to your file. Each of these entries consists of a directive followed by a value. These are like attribute/value pairs in HTML. First, you want to give the area you're protecting a name. To do this we use a directive called
AuthName, so our first line might look
like: AuthName "My Web Stuff"
Next, we need to specify what type of authentication we are using, and where the file is located. This is where we need the line from above. So, the next two lines would look like:
AuthType Basic
AuthUserFile /export/home/u98/joeblow/htusers
Finally, we tell the server what is required for someone to have access to this area of our web space. So we add a final line that says:
require valid-user
This says that any user listed in the htusers file that provides a valid password will be allowed in. So, all told, our .htaccess file should look something like:
AuthName "My Web Stuff"
AuthType Basic
AuthUserFile /export/home/u98/joeblow/htusers
require valid-user
Now, save your file and exit the text editor. In pico, Ctrl-X will do this. Finally, once you're back at the prompt, type:
chmod 644 .htaccess
This makes sure the web server can read your .htaccess file.
The setup above will password protect every file in your html directory,
as well as any files in subdirectories. If that's exactly what you want,
you can stop here, but often people are interested in limiting access
only to certain files or certain subdirectories. By changing the location
of the .htaccess file and/or the contents of the file, you can create
more intricate configurations.
For instance, if you wanted to protect only a subdirectory of your site,
while leaving the rest open, you can simply move the .htaccess file
into the subdirectory. So, if you had a subdirectory called classwork,
where you posted assignments for a professor's eyes only, you could
issue the command:
mv .htaccess classwork
(Alternately, you could have created your .htaccess file (as in step
2) in that subdirectory instead of your public_html directory.)
Again, this will protect all the files in that subdirectory, as well
as any subdirectories below that one (sub-subdirectories?). If you have
more than one first-level subdirectory that you wish to protect, you
will need to create a separate .htaccess file for that subdirectory.
Just remember, the directives specified in any .htaccess file are applied
not only to the directory in which it resides, but all those below it
as well.
Watch the video
choose format/speed
dial-up | broadband
dial-up | broadband
dial-up | broadband