modified on 29 June 2011 at 11:05 ••• 6,982 views

WebProtect

From Maties Ubuntu

Jump to: navigation, search

Contents

Introduction

See: http://www.htaccess-guide.com

What is .htaccess?

.htaccess is a configuration file for use on web servers running the Apache Web Server software. When a .htaccess file is placed in a directory which is in turn 'loaded via the Apache Web Server', then the .htaccess file is detected and executed by the Apache Web Server software. These .htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer. These facilities include basic redirect functionality, for instance if a 404 file not found error occurs, or for more advanced functions such as content password protection or image hot link prevention.

How to use .htaccess

'.htaccess' is the filename in full, it is not a file extension. For instance, you would not create a file called, 'file.htaccess', it is simply called, '.htaccess'. This file will take effect when placed in any directory which is then in turn loaded via the Apache Web Server software. The file will take effect over the entire directory it is placed in and all files and subdirectories within the specified directory.

You can create a .htaccess file using any good text editor such as TextPad, UltraEdit, Microsoft WordPad and similar. (You cannot use Microsoft NotePad!) Here is an example of what you might include in a .htaccess file.

AuthName "Member's Area Name"
AuthUserFile /path/to/password/file/.htpasswd
AuthType Basic
require valid-user
ErrorDocument 401 /error_pages/401.html
AddHandler server-parsed .html

This is a fairly advanced example: it enables password protection on the directory; it offers redirection to a custom error page if a user fails to login correctly; and it enables SSI (server side includes) for use with '.html' files. Please don't be put off, it's very simple once you gain a basic understanding and this article provides examples which are ready to go - simply copy, paste and customise. Examples are explained line by line so it is clear exactly what each line does and why you need it.

Once you have created a .htaccess file, which may look similar to the one shown above (or may simply contain one line), you need to upload it. This should be done using a FTP (file transfer protocol) program. You should already have one which you will have used to upload your web site content. If not, many are available free of charge from web sites such as 'Download.com' and we can recommend 'CuteFTP' and 'WSFTP'.

When uploading your .htaccess files, it is very important you upload the file in 'ASCII' mode. 'ASCII' and 'BINARY' are different methods of transferring data and it is important .htaccess files are transferred in 'ASCII' mode and not 'BINARY'. It is likely your FTP software will default to 'BINARY' so look for a 'Transfer Mode' or 'Transfer Type' option in the menus.

Upload the .htaccess file to the directory you would like it to take effect over. Now visit this directory using your web browser as you would for any other document on your web site and check it has worked correctly.

Note, when you upload your .htaccess file it may not appear in the directory listings for files on your web site. Do not worry; this means your server or FTP software is hiding them which should not be an issue.

A possible cause of error is if the file permissions on the .htaccess file are not set correctly. This only occurs on certain servers, but you may like to change the permissions on the file to '755' or 'executable'. You can do this with your FTP software, look for a 'File Permissions' or 'CHMOD' option, and input '0755'.

If your .htaccess file does not work, you should contact your system administrator or web hosting company and ensure they have enabled .htaccess within your account. Some web hosting companies do not allow use without permission. If errors persist, consult this article for advice, or contact your system administrator for advice.

How to setup the password file

Now you'll have to set up the password file. You'll need to use the htpasswd program. It is included with the Apache httpd server.

First cd to the directory that contains the password file. In this example the password file is called .htpasswd and is in the directory /z/ric/secret/ as indicated by the AuthUserFile file entry in the .htaccess file. For every username you want to add to the password file, enter the following. (the -c is only required the first time; it indicates that you want to create the .htpasswd file).

mkdir secret
cd secret
htpasswd -c .htpasswd pumpkin

You're prompted for the password for pumpkin.

If you have other users enter the following. Don't use the -c

htpasswd .htpasswd user2
htpasswd .htpasswd user3

Again, make sure the permissions are set up like the "protect" directory using the chmod and chgrp-www commands above so the only one that can read files in the "secret" directory is the owner and the server.