Solved

How to create an .htacess file to pasword protect a directory.

Posted on 2007-04-10
17
162 Views
Last Modified: 2010-04-09
What goes into an .htaccess file to password protect a directory?

Right now we have no .htaccess file

Thanks!
0
Comment
Question by:weikelbob
  • 8
  • 7
  • 2
17 Comments
 
LVL 24

Expert Comment

by:slyong
ID: 18886487
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18886588
How do I come up with my root URL?

0
 
LVL 24

Expert Comment

by:slyong
ID: 18886650
your Webroot is where you upload your html files to.
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18886687
Yes, but don't I need my php settings to find the whole URL?

0
 
LVL 24

Expert Comment

by:slyong
ID: 18886732
Nope, .htaccess is a feature of apache and has nothing to do with php.  Your webroot directory is where you have your index.html.  Depending on the server setting, it might be /var/www/html, /home/vhosts/yourdomain.com/httpdocs, etc.
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18886745
How do I find my webroot directory?
0
 
LVL 24

Expert Comment

by:slyong
ID: 18886798
Where do you upload your html files to?
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18886972
I just use FTP. My FTP program doesn not give me the full directory.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 24

Expert Comment

by:slyong
ID: 18887077
That directory is your webroot directory.  Do you have any other access to the server, like Control Panel, ssh, etc?
0
 
LVL 10

Expert Comment

by:NeoDiffusion
ID: 18888284

Hello,

To know what is your absolute path, simply create the following PHP file, and upload whith your your other files:
-- begin file whereami.php --
<?php
echo  getcwd();
?>
-- end file whereami.php --

Then, in your browser, type http://www.yoursite.tld/whereami.php

Don't forget to remove this file, this information could be used by hackers.

Rgds,
Werner.
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18894947
Cool. Let me try that php function
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18948927
OK.

I've been using you guys' links.

I have my admin directory password protected, but you can view files inside the admin directory without a username and password. How do I password protect an entire directory?

I tried password protecting single files with no luck. I used NeoDiffusion's script to get the root. I'm using the Dynamic Drive link to generate the htaccess and htpasswd text.

What could I be doing wrong?
0
 
LVL 10

Accepted Solution

by:
NeoDiffusion earned 250 total points
ID: 18949543
Hello,

If you can view inside the protected directory without login/password, then your folder is NOT protected (except if you provided once the data: it's saved during your whole session).

Here is a recap:

You should have your .htpassword file in a secret folder. This folder should contain a .htaccess file with following content:
--
deny from all
--
To make sure that nobody can access your password file

Then, your admin folder should contain a .htaccess file, with something like:
--
AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "My Secret Folder"
Require valid-user
--

Read http://www.elated.com/articles/password-protecting-your-pages-with-htaccess/
for detailed instructions.

Rgds,
Werner.
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18950619
@NeoDiffusion and slyong

I've tried all of the links in this post and the same thing is happening.

The site is hosted with Godaddy and they won't talk to me about htaccess. They say that their cpanel doesn't password protect directories, and they said to use htaccess, but they don't support the configuration of htaccess.

The thing that keeps happening when I try to password protect a directory is that if I go to the directory directly

www.basilnthyme.com/admin

I get the password protection screen.

If I go directly to the pages within the directory, it lets me through - like

www.basilnthyme.com/admin/admin.php

Any ideas?
0
 
LVL 24

Expert Comment

by:slyong
ID: 18950935
Hi weikelbob,

Could you please tell us what have you done?  In particular if you can show us what does your .htaccess looks like and .htpasswd looks like and where do you put the files into?
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18953191
OK.

.htaccess:
AuthUserFile /home/content/p/r/e/preetiwaas/html/admin/.htpasswd
AuthType Basic
AuthName "My Secret Folder"
Require valid-user

.htpasswd:
preetiwaas:98t3DleUAYy/k

I put the files in www.basilnthyme.com/admin
0
 
LVL 24

Assisted Solution

by:slyong
slyong earned 250 total points
ID: 18953289
Hi weikelbob,

I have done some reading.  GoDaddy has a problem with the .htaccess and there is no way around it.  There is a way that use .html as a .php program but it is going to be quite messy.  The references is here:

http://forums.oscommerce.com/lofiversion/index.php/t193134.html
http://forums.devshed.com/apache-development-15/apache-config-on-shared-host-does-not-protect-php-files-321868.html

So, basically sorry, the .htaccess method that you use and did is correct but due to GoDaddy's configuration, you can't protect your php file.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

Read about why website design really matters in today's demanding market.
Boost your ability to deliver ambitious and competitive web apps by choosing the right JavaScript framework to best suit your project’s needs.
This tutorial demonstrates how to identify and create boundary or building outlines in Google Maps. In this example, I outline the boundaries of an enclosed skatepark within a community park.  Login to your Google Account, then  Google for "Google M…
This video teaches users how to migrate an existing Wordpress website to a new domain.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now