Wednesday 30 May 2012

To password protect your website make it private



To password protect your website, please follow these steps:

Log into your Linux web server via Secure Shell (SSH).
Change into the directory you wish to password protect.
Note: If you wish to protect your entire website us the following command:
1:cd /vservers/username/htdocs
2:Create a file called .htaccess using the following command:
pico .htaccess
3:Enter the following information:
AuthType Basic
AuthName "Please enter your Username and Password"
AuthUserFile /vservers/username/htdocs/.htpasswd
AuthGroupFile /dev/null
Require valid-user

4:Press ctrl+o to save the file.
5:Press ctrl+x to exit the file.
6:Create the .htpasswd file using the following command:
/usr/bin/htpasswd -c /vservers/username/htdocs/.htpasswd username
7:Enter the password you wish to use.
8:Re-enter the password.
9:Grant read access to each file using the following commands:
chmod a+r .htaccess
chmod a+r .htpasswd


Password protection by a single login:
Password files:

Create the directory you want to password protect (example: membersonly)
Create a file /home/domain/public_html/membersonly/.htaccess in that director that looks something like this:

     AuthName "Add your login message here."
     AuthType Basic
     AuthUserFile /home/domain/public_html/membersonly/.htpasswd
     AuthGroupFile /dev/null
     require user name-of-user
                   
In this case the "name-of-user" is the login name you wish to use for accessing the web site.
One can use Apache directives to specify access and restriction:
AuthName "Add your login message here."
     AuthType Basic
     AuthUserFile /home/domain/public_html/membersonly/.htpasswd
     AuthGroupFile /dev/null
     <Limit GET POST>
     require user name-of-user
     </Limit>

The name of the access file .htaccess is specified by the httpd.conf directive AccessFileName.
Create (or clobber if it already exists) the password file /home/domain/public_html/membersonly/.htpasswd using the program htpasswd:
         htpasswd -c .htpasswd name-of-user
         
Add a new user to the existing password file:
         htpasswd .htpasswd name-of-user
         
Man page: htpasswd
Example file: .htpasswd

user1:KgvCSeExtS4kM
USER1:KgvCSeExtS4kM
User1:KgvCSeExtS4kM

Placing Authentication directives in httpd.conf exclusively instead of using .htaccess:
The purpose of using the "distributed configuration file" .htaccess is so that users may control authentication. It can also be set in the Apache configuration file httpd.conf WITHOUT using the .htaccess file. This can improve server performance as the server will not have to look for the .htaccess file in each subdirectory.
File: httpd.conf (portion)
..
    ...

     <Directory /home/domain/public_html/membersonly>
     AllowOverride AuthConfig
     AuthName "Add your login message here."
     AuthType Basic
     AuthUserFile /home/domain/public_html/membersonly/.htpasswd
     AuthGroupFile /dev/null
     require user name-of-user
     </Directory>

    ...
    ..
</VirtualHost>
Posted by at 04:44

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)