Protecting html directories with a username/password via .htaccess and .htpasswd

Author: BrainRawt
Site: http://www.haxworx.com
Updated on 5-11-02
REASON FOR THIS TEXT: I have found many many sites on the internet using insecure login scripts in insecure directories. Some of these sites stored some very crucial and private information in these so-called "passwd protected" directories. I recommend using .htaccess/.htpasswd to those people.
NOTE: In this text we will be protecting the /home/yourname/public_html/private_files dir with a very basic htaccess method. htaccess usage goes way beyond this text and has much more to offer than what will be read about here.
[yourname@rawt yourname]$ cd /home/yourname/public_html/private_files
NOTE: Create a file in ~/private_files called .htaccess
[yourname@rawt private_files]$ pico .htaccess (enter text below into the .htaccess file.)
------------------------ cut ---------------------------
AuthUserFile /home/yourname/public_html/private_files/.htpasswd
AuthGroupFile /dev/null
AuthName "My Private Files"
AuthType Basic
# Keep require outside any <Limit> block so it applies to every HTTP method,
# not just the ones listed.
require valid-user
------------------------ cut ---------------------------
NOTE1: Both the .htaccess and .htpasswd files will be located in the directory you wish to protect for this text.
NOTE2: You can put your .htpasswd file anywhere on the system, and just point to it via the AuthUserFile line in the .htaccess file.
AuthUserFile = path to the .htpasswd file.
AuthGroupFile = we aren't using a group file so we just point it to /dev/null.
AuthName = what you want to appear in the login box.
AuthType = type of passwd. We will use "BASIC" since it's the easiest. You can use other types for PGP, etc. This text won't get into those.
require = access we wish to grant. We won't cover this in this text either.
Now that we have .htaccess created, we can move on to .htpasswd. If we want to give people access then we need to give them a name and a password.
[yourname@rawt private_files]$ htpasswd -c .htpasswd yourname (-c = create new file)
New password:
Re-type new password:
Adding password for user yourname
NOTE: OK!! .htpasswd has now been created and has your account in it. For that extra added feeling of success, let's check the .htpasswd to make sure we have been added.
[yourname@rawt private_files]$ pico .htpasswd (I prefer pico as my text editor)
yourname:GPMpKw3KvGp7c
Now we add another user so that you can share all your favorite pr0n with a friend.
[yourname@rawt private_files]$ htpasswd .htpasswd hax0r_friend (no -c. we aren't creating a new .htpasswd)
New password:
Re-type new password:
Adding password for user hax0r_friend
We aren't finished quite yet. Open up your browser and visit the protected directory: http://youraddress/~yourname/private_files/
NOTE: Try using both accounts. If it worked then congratulations. If not, then look in /var/log/httpd/error_log to find out what happened.
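The following Python check is an added example, not part of the original text. It audits an .htaccess/.htpasswd pair like the one built above for three weaknesses: a require wrapped in <Limit> (so only the listed HTTP methods need a login), a password file kept inside the web-served tree, and 13-character DES crypt(3) hashes. The function name audit, the finding codes and the DOCROOT value are assumptions made for the example.

```python
import os
import re

# Constructed sample input: the paths and hash shown in this text, with require wrapped in <Limit>.
SAMPLE_HTACCESS = """\
AuthUserFile /home/yourname/public_html/private_files/.htpasswd
AuthGroupFile /dev/null
AuthName "My Private Files"
AuthType Basic
<Limit GET POST PUT>
require valid-user
</Limit>
"""
SAMPLE_HTPASSWD = "yourname:GPMpKw3KvGp7c\n"
DOCROOT = "/home/yourname/public_html"  # assumed web-served root

def audit(htaccess, htpasswd, docroot):
    """Return a sorted list of finding codes for an .htaccess/.htpasswd pair."""
    findings = set()
    limit_methods = None  # methods of the <Limit> block we are inside, if any
    for raw in htaccess.splitlines():
        line = raw.strip()
        m = re.match(r"<Limit\s+([^>]*)>", line, re.I)  # does not match <LimitExcept>
        if m:
            limit_methods = m.group(1).split()
        elif re.match(r"</Limit>", line, re.I):
            limit_methods = None
        elif re.match(r"require\s", line, re.I) and limit_methods is not None:
            # Login is enforced only for the listed methods; other methods skip it.
            findings.add("require-scoped-to-" + ",".join(limit_methods))
        elif re.match(r"AuthUserFile\s", line, re.I):
            path = os.path.normpath(line.split(None, 1)[1].strip('"'))
            # Inside the docroot, only the server's .ht* deny rule keeps the hashes private.
            if os.path.isabs(path) and os.path.commonpath([path, docroot]) == docroot:
                findings.add("password-file-inside-docroot")
    for entry in htpasswd.splitlines():
        user, _, digest = entry.partition(":")
        # 13 chars of [./0-9A-Za-z] with no $ prefix is traditional DES crypt(3),
        # which uses only the first 8 characters of the password.
        if re.fullmatch(r"[./0-9A-Za-z]{13}", digest):
            findings.add("des-crypt-hash:" + user)
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTACCESS, SAMPLE_HTPASSWD, DOCROOT):
        print(finding)
```

A pair that passes all three checks keeps require outside any <Limit> block, points AuthUserFile at a path outside public_html, and stores hashes created with a stronger htpasswd format such as bcrypt (htpasswd -B on versions that support it).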