This is a little guide on how to use htaccess on linux based web servers (apache platforms). htaccess can perform a number of different functions, but this article will focus on authentication. Web based authentication denies web access to directories to visitors who do not have a valid user name or password. The user names and encrypted passwords are kept in a file maintained by the webmaster.
Requirements
- a valid shell account on Pacific Internet Webservers
- ssh access to ftp space of the web site (tera term or SecureCRT or puTTY) (you can ftp the files if ssh is not available)
- ability to use a unix text editor (vi, vim or pico will do just fine)
- knowledge of the unix filesystem (paths and navigation – pwd, cd, mkdir, ls)
Firstly you will need to ssh to your web space. You will be in the root directory for your account. This is where you will create the file that maintains the username(s) and password(s) that allow access to the directories you wish certain people to have. The format to create this file is as follows:
/usr/local/apache/bin/htpasswd -c [password file name] [user]
The ‘-c’ flag creates a new password file. For Example:
/usr/local/apache/bin/htpasswd -c .htpasswd joebloggs
It will then prompt you for the password to used with the username specified (you will need to enter it twice to confirm). Once this file has been created you will then need to change into the directory you wish to protect, for this example we will use /home/username/public_html/secure/. Once in here, you will need to create the ‘.htaccess’ file to excecute the directive. You .htaccess file should look similar to this:
AuthUserFile /home/username/.htpasswd
AuthType Basic
AuthName "Secure Area"
require valid-user
AuthUserFile tells the web server where the username/password file is located, which is where we created it previously (Use the pwd command to work out the correct directory to place here). AuthName is the name for the secure area, which you can specify to almost anything, just make sure you have the ” ” around the name otherwise you will get server errors.
Once this has been saved, the directory /home/username/public_html/secure/ and any directories below it are now secure from unwanted visitors.
If you want to allow more users but with different usernames run the htpasswd command from the same directory where you created it previously without the ‘-c’ flag, for example:
htpasswd .htpasswd johndoe
If you want to remove a users access to the directory open the .htpasswd file using a text editor and delete the line for that user.
Side Note
Auto Redirection
Entire websites can also be redirected by using .htaccess files. In order to to acheive this, the format is as follows:
RedirectMatch permanent (.*) http://www.domain.com/