How do I password protect some files/folders so that the random user doesnt download something. I was told .htaccess but I dont know how to use that.
Printable View
How do I password protect some files/folders so that the random user doesnt download something. I was told .htaccess but I dont know how to use that.
Using the htpasswd program in your bin folder, create a password file for whatever user you want in a folder named auth in your main Apache folder... then fire up Notepad or whatever and create a ".htaccess" file for whatever directory you want protected (save it in that directory as ".htaccess").
Code:AuthType Basic
AuthName "Restricted Files"
AuthUserFile c:/apache_dir/auth/htpasswd
Require user whatever_user_you_made
[edit]
Made some corrections to clear up what I wrote.
Here's a nice little tutorial on how to do it.
Hey phil,
I hate to be a jerk and just say use Google, but I honestly knew nothing about the .htaccess file until like 10 minutes ago. I read some stuff on the first google link. (check out http://www.javascriptkit.com/howto/htaccess3.shtml )
Among other things this explains how it is used to set permissions on folders. I think this will get you started. Good luck!
Bah, I'll stick up for him... sometimes even finding an article online about you're looking for doesn't help you as much as talking to an actual person... especially when doing it for the first time.... let it go. =\Quote:
Originally posted here by Algaen
Hey phil,
I hate to be a jerk and just say use Google, but I honestly knew nothing about the .htaccess file until like 10 minutes ago. I read some stuff on the first google link. (check out http://www.javascriptkit.com/howto/htaccess3.shtml )
Among other things this explains how it is used to set permissions on folders. I think this will get you started. Good luck!
Ok, open cmd and do as follows:
1.) CD into Apache's bin directory.
2.) Type "htpasswd -c C:\wherever\apache\is\auth\htpasswd user_name"
3.) Now open Notepad and create a file called ".htaccess" and save it in the directory (htdocs main folder or whatever subdirectory you want) you want to protect with a password. Make sure the ".htaccess" file has the following:
5.) Reload the directory with the .htaccess file and bam! Job done..Code:AuthType Basic
AuthName "Restricted Files"
AuthUserFile c:/apache_dir/auth/htpasswd
Require user whatever_user_you_made
Now I'm going to sleep...
Sorry I just get very pissed off and frustrated when things dont work right, especially when it has to do with computers.
1. Create a file called ".htaccess" (htaccess is the actual file extension... don't give it another one). In that file, place the following information:
Upload the file to the directory you would like to secure (in this case: http://yoursite/secured area/)Code:AuthName "secured directory"
AuthUserFile http://yoursite/secured area/.htpasswd
AuthGroupFile /dev/null
AuthType Basic
require valid-user
2. Create a file called ".htpasswd":
Upload it to the same directory.Code:username:password secured with md5
And here's a little tool do to the md5-encryption for the password.
That's basically it. READ that link I gave you for the details.
"/dev/null" I dont use Linux.
If .htacess is the file extension, what is the file name. Anything?
Edit: I think I did everything just how you said and it didnt work. I made new text documents and saved them with those extentions, both with the name of admin. (admin.htaccess, admin.htpasswd)
READ the tutorial. The file names are ".htaccess" and ".htpasswd", not SOMETHING.htaccess or SOMETHING.htpasswd.
And your avatar is a Linux-pengiun :p
Computers are funny things. They do exactly what you've told them, nothing more, nothing less. If something goes wrong it's because you made a mistake. Don't take it out on us and/or your computer.Quote:
Originally posted here by philman213
Sorry I just get very pissed off and frustrated when things dont work right, especially when it has to do with computers.
I hate to ask but did you RTFM?
You didn't mention what version of apache you're running so here's some documentation on both:
Authentication, authorization and access-control (version 1.3)
Authentication, authorization and access-control (version 2.0)
first make sure the bolded things from above are in your httpd.conf file. Yours will be a little different being windows, but the change is still the same. Then do like ;TT said and use the htpasswd.exe tool to make your user and pass.Quote:
DocumentRoot "/usr/local/apache2/htdocs"
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride AuthConfig
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/usr/local/apache2/htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs-2.0/mod/core.html#options
# for more information.
#
Options -Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride AuthConfig
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
ex. (summarizing what ;TT said)
Type "htpasswd -c C:\Program Files\Apache Group\Apache2\auth\htpasswd user_name"
without the quotes. It will prompt you for the password. Enter the password. This will create the file the .htaccess file will use to authenticate. I don't know if that directory is right for the default install, but I think it is.
Now make the .htaccess file and save it to the directory you want to require the username and pass to access.
ex.
AuthType Basic
AuthName "Restricted Files"
AuthUserFile c:/Program Files/Apache Group/Apache2/auth/htpasswd
Require user user_name
like ;TT said to get it to save as .htaccess you have to put quotes around it like ".htaccess"
once that is done, you just need to restart apache, and it should prompt you for a user and pass when trying to access the directory with the .htaccess file in it. Hope this gets you over the hump you couldn't get over from the other info. I think they left off about the config change in apache, but I'm sure it was on one of the websites posted and that's why they left it off. Try and read more next time. Peace.
Maybe it's time to ask a basic question first:
Are you running your own server? If yes, which one and on what OS?...
If no, you're talking about your webhost?
I've re-opened this thread at the request of one of the posters. If it gets closed again due to APs, it will stay closed. 'Nuff said. Carry on. :D
Maybe Im making the files wrong then. How exactly am I suppose to make them. Make a new notepad file and save as ".htaccess" and ".htpasswd"?
Attached is what happens when I try and do the -c blah blah stuff.
Did you create the folder auth? If not that may be the problem. Try making that folder then retry that command. Hope that works. And if this thread gets closed and you have questions just pm me. Peace.
No, I have auth already created.
Add quotes around the location, so htpasswd -c "C:\whatever\auth\htpasswd" user_name
Alright I have the htpasswd created in the auth directory. Now my understanding is to leave that, and create a htaccess file in the folder i want people to have to have a user/pass to access. How do I go about creating the htaccess file?
Edit:
I get the following after opening notepad and making the .htaccess file in the folder I wanted. This is what I have for my .htaccess file...
AuthType Basic
AuthName "Secured Directory"
AuthUserFile C:\Program Files\Apache Group\Apache2\auth\.htpasswd
Require valid-user
And this is the error I get...
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, *********** and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
--------------------------------------------------------------------------------
Apache/2.0.51 (Win32) Server at **********.ath.cx Port 80
when you made the htpasswd file with the htpasswd command, you made it htpasswd not .htpasswd right? So I think this will work for you .htaccess file
and if you made the file .htpasswd you would simply useCode:AuthType Basic
AuthName "Restricted Files"
AuthUserFile c:/Program Files/Apache Group/Apache2/auth/htpasswd
Require user philman213
to see which one you used just open up my computer and navigate to that directory and it will either have a . or not. Hope this finally gets it working.Code:AuthType Basic
AuthName "Restricted Files"
AuthUserFile c:/Program Files/Apache Group/Apache2/auth/.htpasswd
Require user philman213
I found a error that I made, in .htaccess I directed it to .htpasswd, when it was always htpasswd (without the period). But still, I get the same error. After trying C:/... and C:\... I still get the error. I check my error log and this is what it has to say:
[Fri Sep 24 14:39:11 2004] [alert] [client **.***.***.***] C:/Program Files/Apache Group/Apache2/htdocs/*******/.htaccess: AuthUserFile takes 1-2 arguments, text file containing user IDs and passwords, referer: http://www.*************.com/***********
Your passwords file does not need to be called .htpasswd, you can call it wibble.txt if you like (but ensure it is not downloadable by the web server).
I normally call it htpasswd or htpasswords and store it outside of the web root. Putting the fullstop in front just makes it hidden in Unix, which is really superfluous.
As ever, check the error log if there is an error - only change one thing at once.
You will need an AuthType directive, and also a Require directive - make sure they're there.
Slarty
I guess you didnt read or I didnt say but my htaccess is identical to the one on the apache site except I have the feilds correct.
I think the space in your .htaccess file is screwing it up. I'm thinking it's seeing stuff after the space as a second parameter. Try putting quotes around it. If that doesn't work search around for a solution. Peace.
I fixed it. Thanks anyway. Apparently I had to add quotes on the C:\ when I was told by many people not too :-O