Solved

How to create an .htacess file to pasword protect a directory.

Posted on 2007-04-10
17
164 Views
Last Modified: 2010-04-09
What goes into an .htaccess file to password protect a directory?

Right now we have no .htaccess file

Thanks!
0
Comment
Question by:weikelbob
  • 8
  • 7
  • 2
17 Comments
 
LVL 24

Expert Comment

by:slyong
ID: 18886487
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18886588
How do I come up with my root URL?

0
 
LVL 24

Expert Comment

by:slyong
ID: 18886650
your Webroot is where you upload your html files to.
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 
LVL 7

Author Comment

by:weikelbob
ID: 18886687
Yes, but don't I need my php settings to find the whole URL?

0
 
LVL 24

Expert Comment

by:slyong
ID: 18886732
Nope, .htaccess is a feature of apache and has nothing to do with php.  Your webroot directory is where you have your index.html.  Depending on the server setting, it might be /var/www/html, /home/vhosts/yourdomain.com/httpdocs, etc.
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18886745
How do I find my webroot directory?
0
 
LVL 24

Expert Comment

by:slyong
ID: 18886798
Where do you upload your html files to?
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18886972
I just use FTP. My FTP program doesn not give me the full directory.
0
 
LVL 24

Expert Comment

by:slyong
ID: 18887077
That directory is your webroot directory.  Do you have any other access to the server, like Control Panel, ssh, etc?
0
 
LVL 10

Expert Comment

by:NeoDiffusion
ID: 18888284

Hello,

To know what is your absolute path, simply create the following PHP file, and upload whith your your other files:
-- begin file whereami.php --
<?php
echo  getcwd();
?>
-- end file whereami.php --

Then, in your browser, type http://www.yoursite.tld/whereami.php

Don't forget to remove this file, this information could be used by hackers.

Rgds,
Werner.
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18894947
Cool. Let me try that php function
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18948927
OK.

I've been using you guys' links.

I have my admin directory password protected, but you can view files inside the admin directory without a username and password. How do I password protect an entire directory?

I tried password protecting single files with no luck. I used NeoDiffusion's script to get the root. I'm using the Dynamic Drive link to generate the htaccess and htpasswd text.

What could I be doing wrong?
0
 
LVL 10

Accepted Solution

by:
NeoDiffusion earned 250 total points
ID: 18949543
Hello,

If you can view inside the protected directory without login/password, then your folder is NOT protected (except if you provided once the data: it's saved during your whole session).

Here is a recap:

You should have your .htpassword file in a secret folder. This folder should contain a .htaccess file with following content:
--
deny from all
--
To make sure that nobody can access your password file

Then, your admin folder should contain a .htaccess file, with something like:
--
AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "My Secret Folder"
Require valid-user
--

Read http://www.elated.com/articles/password-protecting-your-pages-with-htaccess/
for detailed instructions.

Rgds,
Werner.
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18950619
@NeoDiffusion and slyong

I've tried all of the links in this post and the same thing is happening.

The site is hosted with Godaddy and they won't talk to me about htaccess. They say that their cpanel doesn't password protect directories, and they said to use htaccess, but they don't support the configuration of htaccess.

The thing that keeps happening when I try to password protect a directory is that if I go to the directory directly

www.basilnthyme.com/admin

I get the password protection screen.

If I go directly to the pages within the directory, it lets me through - like

www.basilnthyme.com/admin/admin.php

Any ideas?
0
 
LVL 24

Expert Comment

by:slyong
ID: 18950935
Hi weikelbob,

Could you please tell us what have you done?  In particular if you can show us what does your .htaccess looks like and .htpasswd looks like and where do you put the files into?
0
 
LVL 7

Author Comment

by:weikelbob
ID: 18953191
OK.

.htaccess:
AuthUserFile /home/content/p/r/e/preetiwaas/html/admin/.htpasswd
AuthType Basic
AuthName "My Secret Folder"
Require valid-user

.htpasswd:
preetiwaas:98t3DleUAYy/k

I put the files in www.basilnthyme.com/admin
0
 
LVL 24

Assisted Solution

by:slyong
slyong earned 250 total points
ID: 18953289
Hi weikelbob,

I have done some reading.  GoDaddy has a problem with the .htaccess and there is no way around it.  There is a way that use .html as a .php program but it is going to be quite messy.  The references is here:

http://forums.oscommerce.com/lofiversion/index.php/t193134.html
http://forums.devshed.com/apache-development-15/apache-config-on-shared-host-does-not-protect-php-files-321868.html

So, basically sorry, the .htaccess method that you use and did is correct but due to GoDaddy's configuration, you can't protect your php file.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

"In order to have an organized way for empathy mapping, we rely on a psychological model and trying to model it in a simple way, so we will split the board to three section for each persona and a scenario and try to see what those personas would Do,…
Find out what you should include to make the best professional email signature for your organization.
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now