Password protecting directory via .htaccess

[StephenGarcia]

I am trying to protect a directory on a web site using .htaccess. The site is hosted on a Linux server. My web host says that they do not support CHMOD. How do I go about setting permissions to the .htaccess and .htpassword files.

Stephen

[steve0]

What permissions do you want to set?

As long as you can create the .htaccess and the password file.. you should be okay without chmod.

[StephenGarcia]

I am using the following code in the .htaccess file:

AuthUserFile home/content/a/b/domain.com/directorya/.htpasswd
AuthGroupFile /dev/null
AuthName "Recent Issues Section"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

and the following code in the .htpasswd file:

stephen:garcia

Both .htaccess and .htpasswd files are placed in the directory that needs to be protected (i.e.,
home/content/a/b/domain.com/directorya) and the files are uploaded to the server in ASCII format.

I am currently using the unencrypted password, 'garcia' with user ID 'stephen'. (The intent is to have all users access the protected directory with stephen as ID and garcia as PW.)

When I try to access the protected directory, I get the Windows dialog box that asks for the ID and PW but when I provide the ID and PW, nothing happens and I am unable to access the contents of the protected directory. It appears as if .htaccess is not communicating with .htpasswd.

What am I missing?

[steve-parrott]

I'm not a programmer so I don't understand it, but I've experienced major problems with .htaccess protection due to the explorer service pack II that restricts certain information. My web host no longer offers the iprotect service because of this and my adpass system no longer functions properly.

[steve0]

put a / in front of home..
AuthUserFile /home/content/a/b/domain.com/directorya/.htpasswd

then ..

htpasswd -c /home/content/a/b/domain.com/directorya/.htpasswd stephen
you will then be prompted for your password..
enter garcia

the -c created the password file with new user stephen.
any other users.. just drop the -c
(you may want to move you password file outside your web directory)


Here is what I use..



deny from all
AuthUserFile /home/virtual/DOMAIN.com/var/www/passwords
AuthGroupFile /dev/null
AuthName "Restricted area"
AuthType Basic

require valid-user

<Files .*>
order allow,deny
deny from all
</Files>
satisfy any
<Limit GET PUT POST>
require valid-user
</Limit>

[StephenGarcia]

Thanks for posting the .htaccess code you use. I am still having difficulty in getting this to work.

1) How should I go about creating the .htpasswd file? Will a simple text file having just the user ID and password (i.e., stephen:garcia) created using notepad and transferred to the server in ASCII format suffice? (My web host does not allow me to use the htpasswd program to create the .htpasswd file.)

2) In addition to the user ID and password (stephen:garcia) should the .htpasswd file have any other line of code?

3) Where should I place the following line of code, in the .htaccess or .htpasswd file?

htpasswd -c /home/content/a/b/domain.com/directorya/.htpasswd stephen

Many thanks!
Stephen

[steve0]

answers.

re: #1 from the command line, 'htpasswd' is actually a program that manages the task for you.
%> htpasswd -c /path/to/passwordfile/ username

where /path/to/passwordfile/ is the same from your .htaccess file

re: #2 no other info is needed for your .htaccess file

re: #3 run that on the command line.

To add additional user.. drop the '-c'
e.g. %> htpasswd /path/to/file/ newuser

[StephenGarcia]

Thanks! I appreciate the help. I have finally got the basics working.
Stephen