Password Protecting a DirectoryNOTE: You can protect a directory with just doing several click using your site control panel under 'Password Protect' menu. To password protect a directory, you need three things: a '.htpasswd' file, a second '.htaccess' file and the path for the working directory.
The .htaccess file First of all, you need to create a new '.htaccess' file using your favourite text editor (eg: pico, vi, editpad, notepad, etc.) with the following information and place it in the dirctory you want to protect. If you do not know what your absolute path to your directory is, you can copy and paste the PHP script in the box below, save it as 'showpath.php' and then upload it to your site. Next, using your browser, go to your site and open the 'showpath.php' script. What you will be looking for is the line that says something like this or something that close anyways: /home/your_user_name For ChaliceHost.com hosting customers, if you running the script above at your "public_html/" directory, the line will say something close like this: /home/your_user_name/public_html/ Now copy and paste the following lines into your '.htaccess' file. Don't forget to change the parameters Protected Area and the absolute path to your '.htpasswd' file and other parameters shown in blue text below. AuthUserFile /absolute/path/to/.htpasswd AuthGroupFile/dev/null AuthName 'Protected Area' AuthType Basic <limit GET PUT POST> require valid-user </limit> Or an alternative for blocking certain IP addresses from viewing anything would be: <Limit GET> order allow,deny deny from 192.168. deny from 10.123.45. deny from 172.21.234.56 allow from all </Limit> Now if you would like to password protect only certain files then this is what you would place in to your '.htpasswd' file but you must change the parameters shown in blue text below: AuthUserFile /absolute/path/to/.htpasswd AuthGroupFile/dev/null AuthName 'Protected Area' AuthType Basic <Files myfile.???> require valid-user </Files> Change myfile.??? to any file name you want to protect (eg: story.php). If you don't want anyone, including yourself, to have access to a specific file then place the following into your ' .htaccess' file and put it into the directory that contains the file to be protected. Change myfile.??? to the file you want excluded (eg: secret.php). AuthUserFile /absolute/path/to/.htpasswd AuthGroupFile/dev/null AuthName 'Protected Area' AuthType Basic <Files myfile.???> Deny From All </Files> The .htpasswd file First you will need to find some form of encryption for your password and it just so happens that we have a tool that will do just that. The password encryption tool will create a line that you will place in your '.htpasswd' file. The created line will look something like: JohnDoe:JevM*ec/A$H Last but not least you need to create the '.htpasswd' file. You do this also by using any text editor but save it as '.htpasswd' and place in it this one line: username:password that you created using the password encryption tool. Upload this file to where you pointed to in your '.htaccess' file. NOTE: Do not password protect your whole directory (eg: www.yoursite.com). If you do that, nobody can view anything on your site without a proper user name and password. However, it is ok to protect a subdirectory (eg: www.yoursite.com/some_folder/) so that nobody can go into '/some_folder/', or any of the subdirectories thereafter without a proper user name and password. The latter would be a much safer option. NOTE: If you want to stop people from stealing your graphics, then you can password protect your images directory, but if you are using some of the images on you pages that are in that directory, it will prompt for a password. This would not be cool! |
