Solved

How to create an .htacess file to pasword protect a directory.

Posted on 2007-04-10
17
163 Views
Last Modified: 2010-04-09
What goes into an .htaccess file to password protect a directory?

Right now we have no .htaccess file

Thanks!
0
Comment
Question by:weikelbob
  • 8
  • 7
  • 2
17 Comments
 
LVL 24

Expert Comment

by:slyong
ID: 18886487
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18886588
How do I come up with my root URL?

0
 
LVL 24

Expert Comment

by:slyong
ID: 18886650
your Webroot is where you upload your html files to.
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18886687
Yes, but don't I need my php settings to find the whole URL?

0
 
LVL 24

Expert Comment

by:slyong
ID: 18886732
Nope, .htaccess is a feature of apache and has nothing to do with php.  Your webroot directory is where you have your index.html.  Depending on the server setting, it might be /var/www/html, /home/vhosts/yourdomain.com/httpdocs, etc.
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18886745
How do I find my webroot directory?
0
 
LVL 24

Expert Comment

by:slyong
ID: 18886798
Where do you upload your html files to?
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18886972
I just use FTP. My FTP program doesn not give me the full directory.
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 
LVL 24

Expert Comment

by:slyong
ID: 18887077
That directory is your webroot directory.  Do you have any other access to the server, like Control Panel, ssh, etc?
0
 
LVL 10

Expert Comment

by:NeoDiffusion
ID: 18888284

Hello,

To know what is your absolute path, simply create the following PHP file, and upload whith your your other files:
-- begin file whereami.php --
<?php
echo  getcwd();
?>
-- end file whereami.php --

Then, in your browser, type http://www.yoursite.tld/whereami.php

Don't forget to remove this file, this information could be used by hackers.

Rgds,
Werner.
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18894947
Cool. Let me try that php function
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18948927
OK.

I've been using you guys' links.

I have my admin directory password protected, but you can view files inside the admin directory without a username and password. How do I password protect an entire directory?

I tried password protecting single files with no luck. I used NeoDiffusion's script to get the root. I'm using the Dynamic Drive link to generate the htaccess and htpasswd text.

What could I be doing wrong?
0
 
LVL 10

Accepted Solution

by:
NeoDiffusion earned 250 total points
ID: 18949543
Hello,

If you can view inside the protected directory without login/password, then your folder is NOT protected (except if you provided once the data: it's saved during your whole session).

Here is a recap:

You should have your .htpassword file in a secret folder. This folder should contain a .htaccess file with following content:
--
deny from all
--
To make sure that nobody can access your password file

Then, your admin folder should contain a .htaccess file, with something like:
--
AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "My Secret Folder"
Require valid-user
--

Read http://www.elated.com/articles/password-protecting-your-pages-with-htaccess/
for detailed instructions.

Rgds,
Werner.
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18950619
@NeoDiffusion and slyong

I've tried all of the links in this post and the same thing is happening.

The site is hosted with Godaddy and they won't talk to me about htaccess. They say that their cpanel doesn't password protect directories, and they said to use htaccess, but they don't support the configuration of htaccess.

The thing that keeps happening when I try to password protect a directory is that if I go to the directory directly

www.basilnthyme.com/admin

I get the password protection screen.

If I go directly to the pages within the directory, it lets me through - like

www.basilnthyme.com/admin/admin.php

Any ideas?
0
 
LVL 24

Expert Comment

by:slyong
ID: 18950935
Hi weikelbob,

Could you please tell us what have you done?  In particular if you can show us what does your .htaccess looks like and .htpasswd looks like and where do you put the files into?
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18953191
OK.

.htaccess:
AuthUserFile /home/content/p/r/e/preetiwaas/html/admin/.htpasswd
AuthType Basic
AuthName "My Secret Folder"
Require valid-user

.htpasswd:
preetiwaas:98t3DleUAYy/k

I put the files in www.basilnthyme.com/admin
0
 
LVL 24

Assisted Solution

by:slyong
slyong earned 250 total points
ID: 18953289
Hi weikelbob,

I have done some reading.  GoDaddy has a problem with the .htaccess and there is no way around it.  There is a way that use .html as a .php program but it is going to be quite messy.  The references is here:

http://forums.oscommerce.com/lofiversion/index.php/t193134.html
http://forums.devshed.com/apache-development-15/apache-config-on-shared-host-does-not-protect-php-files-321868.html

So, basically sorry, the .htaccess method that you use and did is correct but due to GoDaddy's configuration, you can't protect your php file.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
C# GridRow get Old/New Value 1 55
Adding a Li to a UL after a specified Li contents 2 42
Set email body to html using vbscript 6 22
Centered Image 2 19
Learn by example how to specify CSS selectors for Selenium WebDriver test automation software.
This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
This tutorial demonstrates how to identify and create boundary or building outlines in Google Maps. In this example, I outline the boundaries of an enclosed skatepark within a community park.  Login to your Google Account, then  Google for "Google M…
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now