If you have important information that you don’t want to make public, you can use .htaccess files to protect a directory. First, though, you have to ask your provider whether they let you use .htaccess files.
I am posting this memo because lots of people use shared hosting services for their cheap prices. If you are going to put important information on that type of host, asking about this feature will help you in your further website development.
First of all, your passwd file has to be uploaded to the server, or the hosting provider should give you some tools to manage this file. After you create your passwd file, put it in a secure place that nobody else can access. Of course, you should still be able to reach it through FTP or web tools to manage users and passwords.
If your provider doesn’t have these tools, you can create the password file yourself.
You need the Apache web server installed on your computer; you will find htpasswd.exe in the [apache home]\bin directory. Using this command is easy. If you run it without any parameters, it shows you its usage and parameters.
For instance, you can use the command as follows:
c:\ApacheHome\bin> htpasswd -c users.pwd sarbanha
Automatically using MD5 format.
New password: ***********
Re-type new password: ***********
Adding password for user sarbanha
C:\ApacheHome\bin>
Now you have a file named users.pwd. Later, if you want to change the password, you don’t need the -c parameter.
Okay, you now have a simple password file. Two other files are needed: one to secure a directory on the web server, and the other to force HTTP Authentication for visitors to a directory.
Now make a directory on your host to store your password file. Before uploading your password file, you should be sure that this directory is secure.
Create a text file named .htaccess with the following content:
Deny from all
Then upload it to the directory you created for your password files. Try to browse the directory; it shouldn’t let you view its content. If it does, there are two possibilities: either you put the file in the wrong place, or your provider does not let you use Limit directives such as Deny or Allow in your .htaccess file. In that case you have to consult your provider so that they give you a secure directory and its full path, and you can upload your password files there.
Okay, once you are sure that you have a secure place for the password file, upload it there. You have to know its correct full path name, otherwise your directory visitors cannot be authenticated successfully.
Time to create another .htaccess file, which is our actual goal. As a reminder, we are doing this to secure a portion of a website, let’s say a subdirectory of our website.
So, create a new .htaccess file with the following content:
AuthType Basic
AuthName "Password Required"
# Change the path to your password file in the next line
AuthUserFile /hosts/mywebsite/www/passwords/users.pwd
Require valid-user
Note that the AuthName value is only a prompt; you can change it to whatever you want.
Now, if you upload this file into any directory, that directory requires HTTP Authentication, and the visitor has to enter a correct password to be able to visit that part of your site.
That’s it. If you have followed this procedure correctly, it should work.
Another small tip: if your service provider already prevents directory visitors from reading your password files, or has a special format or extension for password files, you need only one .htaccess file. That is, you don’t need to create a directory and secure it yourself, so you can skip creating the first .htaccess file.
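An added example, not part of the original memo: a Python check of the layout described above. It reads the .htaccess in the protected directory, confirms the directives are present and that AuthUserFile is a full path to an existing file, and reports when the password file sits inside the web root without a deny rule beside it. The function names, the sample tree and the "Require all denied" alternative (Apache 2.4 syntax) are assumptions; only the password directory's own .htaccess is read, not its parents.

```python
import shlex
import tempfile
from pathlib import Path

def parse_htaccess(path):
    """Map each directive name (lower-cased) to its argument list."""
    found = {}
    for line in Path(path).read_text(encoding="utf-8").splitlines():
        parts = shlex.split(line, comments=True)  # drops '#' comment lines
        if parts:
            found[parts[0].lower()] = parts[1:]
    return found

def denies_all(directory):
    """True if directory/.htaccess denies everyone (Apache 2.2 or 2.4 syntax)."""
    ht = Path(directory) / ".htaccess"
    rules = parse_htaccess(ht) if ht.is_file() else {}
    rules = {k: " ".join(v).lower() for k, v in rules.items()}
    return rules.get("deny") == "from all" or rules.get("require") == "all denied"

def audit(protected_dir, docroot):
    """List problems in protected_dir/.htaccess; an empty list means none found."""
    d = parse_htaccess(Path(protected_dir) / ".htaccess")
    problems = [n + " missing" for n in ("authtype", "authname", "require") if not d.get(n)]
    pw = Path((d.get("authuserfile") or [""])[0])
    if not pw.is_absolute():
        problems.append("AuthUserFile is not a full path")
    elif not pw.is_file():
        problems.append("password file not found")
    elif Path(docroot).resolve() in pw.resolve().parents and not denies_all(pw.parent):
        problems.append("password file is readable over the web")
    return problems

def build_sample(deny=True):
    """Constructed sample site; deny=False leaves the password directory open."""
    root = Path(tempfile.mkdtemp())
    pw = root / "passwords" / "users.pwd"
    files = {pw: "sarbanha:CONSTRUCTED-PLACEHOLDER\n",  # not a real hash
             root / "private" / ".htaccess":
                 'AuthType Basic\nAuthName "Password Required"\n'
                 f'AuthUserFile "{pw}"\nRequire valid-user\n'}
    files[pw.parent / ".htaccess"] = "Deny from all\n" if deny else ""
    for path, text in files.items():
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text, encoding="utf-8")
    return root / "private", root

if __name__ == "__main__":
    for deny in (True, False):
        print(deny, audit(*build_sample(deny)))
```

Run it against a local copy of the site before uploading; it checks the files only and does not replace trying the password directory in a browser as the memo describes.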