The .htaccess File
Article Details

Last Updated
24th of August, 2010

Introduction

This document assumes you have a basic understanding of the UNIX shell.

Web access control with Stackable is a function of the web server. It lets you set permissions on who can access your web documents based on username/password, a group defined by you, or the client's Internet address. This method will allow you to protect access to an entire directory, and any files and directories within it. Since the most common control used is by username/password, the following document covers instructions for that method only. If you would like to learn how to control access by other methods, you can refer to the Apache web server documentation on the subject.

When setting up password protection on a directory, you will need the following two files:

  • .htaccess - This file is placed in the directory to be protected and it defines the restriction types and rules to be followed.
  • password file (You may choose the name.) - This file contains clear text usernames with encrypted passwords. We recommend that you put this file in your root directory.

Creating the .htaccess File

The .htaccess file defines what type of control to use, what file to reference for usernames/passwords, what the dialog box will say when prompting for a password, and what requirements should be met.

Placement and Permissions for the .htaccess File

The .htaccess file should be placed in the directory that you want to protect. The file should be owned by you with the group "www", and permissions set to 640. When this is done correctly, a long listing showing the file will look like this:

-rw-r----- 1 acctname www 170 Aug 24 2001 .htaccess

Format for the .htaccess File

The format of the file should be as follows, with no blank lines before the text begins:

AuthUserFile /home/users/a/acctname/.passwordfile  
AuthGroupFile /dev/null
AuthName 'Access For Valid Users'
AuthType Basic

require valid-user

The AuthUserFile is the file that has the authorized users' usernames and passwords. This must be the complete path.

The AuthGroupFile isn't used when simply password protecting a directory. Because of this, we've set it to /dev/null (effectively, nothing).

The AuthName is the text that will be shown in the dialog box when a user is prompted for their username and password.

AuthType is the type of authentication that will be used. For password protecting a directory, it just needs to be "Basic".

The tag defines both what is allowed to be done in the directory, and the requirements for allowing someone into it.

Note: If you have forms or cgi scripts in the protected directory, your limit should be set to " ."

Creating the Password File

The password file contains the usernames and passwords that the .htaccess file will reference for authentication.

Placement and Permissions for the Password File

The password file should be placed outside of your public_html directory for added security. Files in your root directory, outside public_html, can't be viewed from the web. The file should be owned by you with the group "www", and permissions set to 640. When this is done correctly, a long listing showing the file will look like this:

-rw-r----- 1 acctname www 170 Aug 24 2001 .passwordfile
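
The placement, permission and format rules above for both files can be checked with a short script. This is an added example, not part of the original article; the function names (audit_htaccess, perm_of, fail) are hypothetical, it assumes the AuthUserFile path is unquoted and contains no spaces, and it does not check the "www" group.

```shell
#!/bin/sh
# Added example (not from the original article): audit a protected directory
# against the placement, permission and format rules described above.
# Usage: audit_htaccess <protected_dir> <public_html_dir>
# Prints one line per problem and returns the number of problems found.

perm_of() { ls -ld "$1" | cut -c1-10; }      # permission string, e.g. -rw-r-----
fail()    { echo "PROBLEM: $*"; problems=$((problems + 1)); }

audit_htaccess() {
    dir=$1; webroot=$2; problems=0; ht="$dir/.htaccess"
    [ -f "$ht" ] || { fail "no .htaccess in $dir"; return 1; }
    [ "$(perm_of "$ht")" = "-rw-r-----" ] || fail ".htaccess mode is not 640"
    # The article requires no blank lines before the text begins.
    [ -n "$(head -n 1 "$ht")" ] || fail ".htaccess starts with a blank line"
    grep -Eqi '^[[:space:]]*AuthType[[:space:]]+Basic' "$ht" || fail "AuthType Basic missing"
    grep -Eqi '^[[:space:]]*require[[:space:]]+valid-user' "$ht" || fail "require valid-user missing"

    # AuthUserFile must be a complete path to a mode-640 file outside public_html.
    pw=$(awk 'tolower($1) == "authuserfile" { print $2; exit }' "$ht")
    case $pw in
        "") fail "AuthUserFile missing"; return "$problems" ;;
        /*) ;;
        *)  fail "AuthUserFile is not a complete path: $pw"; return "$problems" ;;
    esac
    [ -f "$pw" ] || { fail "password file not found: $pw"; return "$problems"; }
    [ "$(perm_of "$pw")" = "-rw-r-----" ] || fail "password file mode is not 640"
    pwdir=$(cd "$(dirname "$pw")" && pwd -P)/
    root=$(cd "$webroot" && pwd -P)/
    case $pwdir in "$root"*) fail "password file is inside public_html" ;; esac
    return "$problems"
}

# Constructed sample tree (one correct setup), built in a temporary directory.
demo() {
    t=$(mktemp -d); mkdir -p "$t/public_html/private"
    echo 'user:constructed-hash' > "$t/.passwordfile"
    printf 'AuthUserFile %s\nAuthGroupFile /dev/null\nAuthName "Access For Valid Users"\nAuthType Basic\n\nrequire valid-user\n' \
        "$t/.passwordfile" > "$t/public_html/private/.htaccess"
    chmod 640 "$t/.passwordfile" "$t/public_html/private/.htaccess"
    audit_htaccess "$t/public_html/private" "$t/public_html" && echo "OK: no problems"
    rm -rf "$t"
}
demo
```
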

Creation of the Password File

In the directory where you wish to create the password file, type the following:

htpasswd -c passwordfile username

You will then be prompted to enter the password for "username". You may replace "passwordfile" with the name of your password file, and "username" with the username you would like to add to it.

Changing Passwords in the Password File

To change a password for a user, go to the directory where the password file is located and type the following:

htpasswd passwordfile username

You will then be prompted to enter the new password for "username".

Removing Users from the Password File

To remove a user from the password file, simply edit the file with a text editor, delete the line containing that user's username and password, and then save it.

Enabling Directory Tree Viewing

For security reasons, directory tree viewing is disabled by default. If you'd like to show a directory tree of all the files in a specified directory, however, the option is available. You'll need to create a file called .htaccess in the directory that you want viewable. In your Stackable shell, you can do this by issuing this command:

echo Options +Indexes > .htaccess

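Do this inside the directory you wish to make viewable. Note that > replaces any existing .htaccess file in that directory, including one that sets up password protection; if the directory already has one, append the line with >> instead.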

Note: This won't have any effect while using a Basic Hosting package.

Controlling the Error Page

You can use the ErrorDocument directive to change the 404 error page that comes up when someone requests a bad URL in your webspace. The syntax is as follows:

ErrorDocument 404 /~username/my_404_error.html

For more details about this directive (and other htaccess directives), visit:

http://httpd.apache.org/docs/mod/core.html#errordocument
