Solved

How to create password protected directory

Posted on 2003-10-21
7
1,431 Views
Last Modified: 2010-03-04
hello, everybody?

Does anybody can teach me how to create a password protected directory at Sun Solaris system? My web server is Apache. any I donot have access to httpd.conf file. I guess I have t do this by using .htaccess file or is there any other solutions? THanks very much.

0
Comment
Question by:Maggie_li
  • 5
  • 2
7 Comments
 
LVL 15

Expert Comment

by:periwinkle
Comment Utility
Hi Maggie -

If you do not have access to the httpd.conf file, then you would do this via a .htaccess file (as long as your server admin has given you permission to do so).

There's a good basic article on this at:

http://www.apacheweek.com/issues/96-10-18#userauth

If you'd like a way of managing your password files without ssh or telnet access, you might consider using a program like Access Denied:

http://solutionscripts.com/warehouse/access_denied/index.shtml
0
 

Author Comment

by:Maggie_li
Comment Utility
Thank you very much for your help, periwinkle.
but this is a broken link that I can not access it. Could you please give me more information about this topics? Thanks a lot.

0
 
LVL 15

Expert Comment

by:periwinkle
Comment Utility
Maggie -

I was able to click on both links above???  Which one did you have problems with?
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 15

Expert Comment

by:periwinkle
Comment Utility
Here's another link to the Apache.org website that gives the information on .htaccess control:

http://httpd.apache.org/docs/howto/auth.html

0
 
LVL 15

Accepted Solution

by:
periwinkle earned 50 total points
Comment Utility
Basically, to do user-based authentication, you create a file called .htaccess in the directory that you want to protect (be aware that subdirectories wil be protected as well).  In that file, you place directives:

AuthUserFile /full/path/to/.htpasswd
AuthName "some text you'd like to pop up - like Enter username and password for access to site"
AuthType Basic

<LIMIT GET POST PUT>
require valid-user
</LIMIT>

This refers to a file, which I've called .htpasswd in my example above (but can be called anything) that contains the usernames and passwords.  As you probably are aware, any file that begins with a period is a hidden file.  It's a good idea to put the htpassword file outside of the html hierarchy (if possible), and to start it with a period.

To create the password file, you need to either log on via ssh and use the htpasswd program (which is provided with the Apache distribution) to create the htpasswd file, or use a cgi program such as the Access Denied script that I've given above.

To use the htpasswd command utility, you will use the -c flag only the first time to create the file (if you continue to use it, it will overwrite the file, deleting any previous entries):

htpasswd -c .htpasswd username

it will then prompt you for the password (twice, to make certain that you have entered it properly).

On subsequent times, you'll just use:

htpasswd .htpasswd username
0
 

Author Comment

by:Maggie_li
Comment Utility
periwinkle,

Thanks very much for your help. I got the problem figured out:-)

I have already accepted your comment as answer. Thanks again,
and have a nice day.

0
 
LVL 15

Expert Comment

by:periwinkle
Comment Utility
Hi Maggie -

Glad to be of help!

0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now