Creating a simple file can substantially increase the security of your website through password protection.
This tutorial will take you through the steps of creating the .htaccess file, which will generate stronger security for your website. The .htaccess is only a file, yet it has the ability to alter server settings; thus, the .htacess file can be used to redirect users automatically, create custom error pages, change file extensions, ban or allow users with certain IP addresses, and most importantly, offer solid and convenient password protection.In preparing to work with a .htaccess file, there are several steps that will make the overall process much easier.
1. Create a .htaccess file - The creation of a .htaccess file is very easy; you simply need to type the appropriate code into a text editor, such as Notepad or Word. Please note that a problem may occur when you attempt
Note: Microsoft Front Page Warning:
It is best to use extra caution if you are using the Microsoft FrontPage Extensions. The FrontPage extensions make direct use the .htaccess file. Therefore, if you do want to edit it, you should first download the .htaccess file, if available, from your server. Then, at the start of the file, you simply add your code.
Adding password protection to a directory using .htaccess takes two stages.
2. Working with the .htaccess file - First, in the directory you wish to increase security, you need to enter in the proper lines to the .htaccess file. Password protection will then apply to everything underneath the directory.
AuthName "Section Name"To offer further clarification to the above lines of text please keep in mind the following:
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user
"Section Name" should be changed to the title of the portion of the site you would like to protect, such as "Members Area."
In addition, you need to change the AuthUserFile/full/parth/to/.htpasswd in order to fully reflect the total server path to access the .htpasswd file. Please cotnact your system administrator to obtain this information, if you do not currently know what the full path of your server is.
3. Working with the .htpasswd file - In order to password protect a directory, you need to create a file that holds the passwords and usernames for those individuals who are permitted to have site access. This information should be typed into a file named .htpasswd . Similar to the .htaccess file, .htpasswd does not have any specific file name; rather, it has a eight letter extension. You may place the .htpasswd file anywhere in your website because of the encrypted passwords; however, if you place the file outside of the web root, it would be impossible for anyone to access the information from the web, and thus, your can achieve a higher level of security.
Creating Usernames and Passwords for the .htpasswd file:
After you have created the htpasswd file, you will need to type in the username and passwords that can be used to access the site. The usernames and passwords should be typed in the following format: username:password
Please note that the user name should match the registered user name; however, the password will need to be listed in the encrypted format. To encrypt the password, you can write your own, or you can also utilize available premade script. There is a good username/password service located at http://www.tools.dynamicdrive.com/password/ , which will allow you to enter the user name and password and will output it in the correct format.
For multiple users, simply add extra lines to your .htpasswd file in the same format as the first.
There are many additional free scripts that you may work with to enhance the functionality and usability of the .htaccess file. There is no doubt that this is one of the most useful files a webmaster can use in customizing the functionality of his or her web site.
No comments:
Post a Comment