June 9th, 2004, 09:39 AM
Create a nice security for your website
Well, I'm gonna try to explain you how to restrict access to a website or a certain part for your website.
Generally there is a file where you can do lots of things within a website, the .htaccess - file.
I'm not gonna explain the whole .htaccess thingies, there's lots of stuff easy to find out via Google by
simply searching on .htaccess.
OK, simple but pretty good restrictions for a website :
First we're gonna filter out on ip-adress with the .htaccess file, which you place in your website folder, or in the appropriate dir you wanna secure.
After that we're gonna throw in a password verification simply via the htpasswd feature. This htpasswd file is best placed outside your website. I mostly put in my home.
Here's an example of an .htaccess which to place in the website-folder :
OK we see some new things, first the allow or denying of the ip's or ranges, which needs to be set before the authentication, so only certain ip's have a chance on even starting to try an authentication.
Deny from all
Allow from 192.168.0.1 #allow a single ip
Allow from 10.10.10.0/255.255.255.0 #allow a whole subnet, in this case a C - Class
AuthUserFile /home/test/.htpasswd #path to where your .htpasswd-file, where the userauth is
AuthName "My Secured Area" # A description of your area, can be anything
require user test
Next, we see in this case the user "test" , and the AuthUserFile with a path-to-a-htpasswd-file.
This file it will be reading to verify the user and pass.
The AuthGroupFile is pointing to /dev/null cause we use a single user authentication in this case. Maybe more on authenticating more users or groups net time.
The "require user test" obviously tells the .htaccess to require authentication only for the user "test".
OK now the .htaccess is in place we need to add a .htpasswd to the /home/test
This is an example of an authentication entry of the .htpasswd in the example above.
You can see the pass is encrypted, so thats a nice surplus. There are sites that let you easily create a line for your .htpasswd. I always use this site :
Just enter a user and passwd and it will create you an entryline which you simply set in your /home/test/.htpasswd and save.
So now you should be able to have a nice restricted site, and it should pop a window where to enter a user and pass, that is if you get passed the ip filtering of course .
***EDIT*** I use Apache 2 Webserver and linux OS, but I believe it should work for a windows webserver too, although I'm not sure of that nor did I test it