|
There are two parts to password protecting your site:
- Create a password file.
- Set the configuration to use this password file.
1. Create a password file
The password file is a text file containing a list of usenames and passwords that you wish people to access your content with. The passwords are encypted when stored in the text file so that other users of the server cannot gain access. While the password file is encrypted it is not advisable to plainly show it to people so the password file should either be stored outside of your web directory or with the filename ".htpasswd" (as the webserver will not serve files beginning ".ht").
We have written a little web app that will allow you to encrypt the username and password you wish to use so that you can add it to your password file.
So, create a text file with a differant username & password on each line in the format "username:encryptedpass" (remember to FTP the file as ASCII).
2. Set the configuration to use this password file
Now you need to tell the webserver how to use this password file and for this we use the good old ".htaccess" file (see other FAQ entries for more details on .htaccess). If you don't already have one in the dir you want to protect then create one, it is just a text file.
Add the following to your ".htaccess" file...
AuthType Basic
AuthName "My Stuff"
AuthUserFile /home/sites/www.example.com/web/dir/.hpasswd
Require valid-user |
Replace "My Stuff" with a short description of what you are protecting, this will appear in the popup window that the user sees.
AuthUserFile points to the full path of your password file. Your sites web directory sits under "/home/sites/www.example.com/" where "www.example.com" is the full name of your website.
Upload the ".htaccess" file (as ASCII) and your done. Give it a try.
For a much more in depth document on how authentication is occomplished please see the Apache Authentication Page.
|
