?
Solved

How to create an .htacess file to pasword protect a directory.

Posted on 2007-04-10
17
Medium Priority
?
173 Views
Last Modified: 2010-04-09
What goes into an .htaccess file to password protect a directory?

Right now we have no .htaccess file

Thanks!
0
Comment
Question by:weikelbob
  • 8
  • 7
  • 2
17 Comments
 
LVL 24

Expert Comment

by:slyong
ID: 18886487
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18886588
How do I come up with my root URL?

0
 
LVL 24

Expert Comment

by:slyong
ID: 18886650
your Webroot is where you upload your html files to.
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
LVL 7

Author Comment

by:weikelbob
ID: 18886687
Yes, but don't I need my php settings to find the whole URL?

0
 
LVL 24

Expert Comment

by:slyong
ID: 18886732
Nope, .htaccess is a feature of apache and has nothing to do with php.  Your webroot directory is where you have your index.html.  Depending on the server setting, it might be /var/www/html, /home/vhosts/yourdomain.com/httpdocs, etc.
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18886745
How do I find my webroot directory?
0
 
LVL 24

Expert Comment

by:slyong
ID: 18886798
Where do you upload your html files to?
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18886972
I just use FTP. My FTP program doesn not give me the full directory.
0
 
LVL 24

Expert Comment

by:slyong
ID: 18887077
That directory is your webroot directory.  Do you have any other access to the server, like Control Panel, ssh, etc?
0
 
LVL 10

Expert Comment

by:NeoDiffusion
ID: 18888284

Hello,

To know what is your absolute path, simply create the following PHP file, and upload whith your your other files:
-- begin file whereami.php --
<?php
echo  getcwd();
?>
-- end file whereami.php --

Then, in your browser, type http://www.yoursite.tld/whereami.php

Don't forget to remove this file, this information could be used by hackers.

Rgds,
Werner.
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18894947
Cool. Let me try that php function
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18948927
OK.

I've been using you guys' links.

I have my admin directory password protected, but you can view files inside the admin directory without a username and password. How do I password protect an entire directory?

I tried password protecting single files with no luck. I used NeoDiffusion's script to get the root. I'm using the Dynamic Drive link to generate the htaccess and htpasswd text.

What could I be doing wrong?
0
 
LVL 10

Accepted Solution

by:
NeoDiffusion earned 1000 total points
ID: 18949543
Hello,

If you can view inside the protected directory without login/password, then your folder is NOT protected (except if you provided once the data: it's saved during your whole session).

Here is a recap:

You should have your .htpassword file in a secret folder. This folder should contain a .htaccess file with following content:
--
deny from all
--
To make sure that nobody can access your password file

Then, your admin folder should contain a .htaccess file, with something like:
--
AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "My Secret Folder"
Require valid-user
--

Read http://www.elated.com/articles/password-protecting-your-pages-with-htaccess/
for detailed instructions.

Rgds,
Werner.
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18950619
@NeoDiffusion and slyong

I've tried all of the links in this post and the same thing is happening.

The site is hosted with Godaddy and they won't talk to me about htaccess. They say that their cpanel doesn't password protect directories, and they said to use htaccess, but they don't support the configuration of htaccess.

The thing that keeps happening when I try to password protect a directory is that if I go to the directory directly

www.basilnthyme.com/admin

I get the password protection screen.

If I go directly to the pages within the directory, it lets me through - like

www.basilnthyme.com/admin/admin.php

Any ideas?
0
 
LVL 24

Expert Comment

by:slyong
ID: 18950935
Hi weikelbob,

Could you please tell us what have you done?  In particular if you can show us what does your .htaccess looks like and .htpasswd looks like and where do you put the files into?
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18953191
OK.

.htaccess:
AuthUserFile /home/content/p/r/e/preetiwaas/html/admin/.htpasswd
AuthType Basic
AuthName "My Secret Folder"
Require valid-user

.htpasswd:
preetiwaas:98t3DleUAYy/k

I put the files in www.basilnthyme.com/admin
0
 
LVL 24

Assisted Solution

by:slyong
slyong earned 1000 total points
ID: 18953289
Hi weikelbob,

I have done some reading.  GoDaddy has a problem with the .htaccess and there is no way around it.  There is a way that use .html as a .php program but it is going to be quite messy.  The references is here:

http://forums.oscommerce.com/lofiversion/index.php/t193134.html
http://forums.devshed.com/apache-development-15/apache-config-on-shared-host-does-not-protect-php-files-321868.html

So, basically sorry, the .htaccess method that you use and did is correct but due to GoDaddy's configuration, you can't protect your php file.
0

Featured Post

Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over time, the online landscape has altered considerably, but that’s nothing compared to the up-and-coming trends that will shape the web design industry in the coming year. Keep reading to find out which trends will shape B2B web design in 2018.
The Super Bowl is just days away. Millions of advertising dollars will be spent in just a few hours to drive people to websites around the globe. Optimizing your site in anticipation of a big event like this (and the traffic surges that follow) will…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

599 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question