Here's a breakdown of what each file consists
of, followed by directions on creating the files:
The .htpasswd file is a list of usernames
and passwords that you have chosen to give access to your
private Web folders. You can add and delete any number
of people to this list.
The .htaccess file is the file that
tells the server "This directory is password-protected."
The .htaccess file will not allow anyone on the Web to view
the page unless they enter a valid username and password.
Creating the .htpasswd file
The .htpasswd file usually looks
something like this:
johndoe:CdncECCAyEzTw
students:Cd14/h7NgCduU
The first field (before the colon) is the
username, and the second field (after the colon) is the
encrypted password. Don't worry about the fact that
the password is encrypted; there's a utility below that
will translate your text password to an encrypted version.
To create the .htpasswd file, open up a
blank text document in a text editor (e.g., NoteTab, Notepad,
WordPad).
Next, you add entries to the file; you can
add any number of entries. To create a new entry, use the
HGSE Web site Password Protection
Utility. Enter each username (composed of numbers and
upper/lowercase letters only) and password that you want
to add one at a time, and click the "Submit" button.
The resulting line of text should look like one of the entries
above. Simply cut & paste that line of text into
your .htpasswd file. Repeat as needed.
Important: Each username/password
pair must be on its own line when you paste it into the
.htpasswd file.
Once you've finished adding username/password
pairs, save your .htpasswd file (don't forget the period
at the beginning of the filename).
Note: If your text editor has trouble
saving filenames starting with periods, you can save it
without the period. Just remember to rename the file
adding the period once you FTP it to the server. Also, the
file must have the name .htpasswd, NOT .htpasswd.txt, so
try saving it using quotation marks (i.e., ".htpasswd");
if this fails, just remember to rename the file once you
FTP it to the server.
After you save the .htpasswd file, you should
FTP it to the server. The .htpasswd file should be placed
at the top-level directory (the directory above public_html),
immediately displayed once you log in.
Now you're ready to create your .htaccess
file.
Creating the .htaccess file
To create your .htaccess file, simply
open up a text editor, and cut & paste in the following
text:
AuthType Basic
AuthUserFile /export/home/USERNAME/.htpasswd
AuthName "Welcome to my Web site"
require valid-user
In the AuthUserFile line, you'll
need to replace the word "USERNAME" with your own Web directory
username (tsc, hr, rp, smithjo, etc).
In the AuthName line, you can replace
the text with whatever you wish (though you must surround
it with quotes).
Once you've made these changes, save the
file (don't forget the period at the beginning of the filename).
Note: If your text editor has trouble
saving filenames starting with periods, you can save it
without the period. Just remember to rename the file
adding the period once you FTP it to the server. Also, the
file must have the name ..htaccess, NOT .htaccess.txt, so
try saving it using quotation marks (i.e., ".htaccess);
if this fails, just remember to rename the file once you
FTP it to the server.
Now you're ready to FTP the file to your
Web site.
Important: When you ftp the .htaccess
file to your Web site, you need to place it in the directory
that you want to password protect.
- If you want to password protect your
entire Web site, you should place the .htaccess file in
your public_html folder.
- If you only want to password protect
a subdirectory, you should place the .htaccess file in
that subdirectory.
Finishing Up
After you have placed both the .htpasswd
and .htaccess files in the correct directories on the server,
you should be able to navigate to your Web site directory
using any Web browser, and see the password protection in
place.
To see a working example of a password-protected
directory, please follow this link.
The login name is "test" and the password is "test."
Adding/Deleting Users and Resetting Passwords
To add users, add their username/password
pairs to your .htpasswd file, one pair per line.
To delete users, just delete their username/password
pairs from the .htpasswd file.
To reset someone's password, use the
HGSE Web Site Password Protection
Utility to create a new username/password pair, and
then REPLACE their current .htpasswd entry with the new
one.
Back to Web Services