Web :: Password-protecting Directories

Printer-friendly versionSend to friendPDF version

For security reasons, web access to directories must be limited and protected against tampering. The process of limiting web access to a directory behind a user name and password involves two steps. For each of these steps, you will need to create a text file using a simple text editor such as Notepad, TextEdit, or TextWrangler. After performing the steps outlined below, you will need to save the file as a text file using the filenames exactly as specified in the instructions. These files  then need to be uploaded to the HSU web server with your sftp client as directed. 

Note: You will be creating two files that have a "." at the beginning of their names (.htaccess and .htpasswd). Some sftp clients "hide" those files, as do some operating systems, including Mac OS X, but all sftp clients have a way for you to view hidden files. If you're using Dreamweaver to upload your files, the filenames will be visible there.

Step 1: Access Control

First, create a file named .htaccess and copy it to the directory you need to protect.

These four lines of text should be put in the file if your site is on the Central Web Server (humboldt.edu/yoursite): 

AuthUserFile /var/www/webaccounts/YourWebSiteName/public_html/DirectoryToProtect/.htpasswd
AuthName "Login Required"
AuthType Basic
require valid-user

For this code to work for your site, you'll need to replace two values:

    a.  "YourWebSiteName" should be replaced with the name of your web site, for example, "geography" or "english" - without the quote marks
    b.  "DirectoryToProtect" should be replaced with the name of the directory that you want to protect.

Add this information to the file, replacing the necessary values, and upload it to the HSU Central Web Server.

These four lines of text should be put in the file if your site is on the User Web Server (users.humboldt.edu):

AuthUserFile /user-homes/homes/YourAccount/public_html/DirectoryToProtect/.htpasswd
AuthName "Login Required"
AuthType Basic
require valid-user

For this code to work for your site, you'll need to replace two values:

    a.  "YourAccount" should be replaced with your HSU User Name (abc123, for example). This is different from your alias (aclark, for example), which is in your site's web address.
    b.  "DirectoryToProtect" should be replaced with the name of the directory that you want to protect.

Add this information to the file, replacing the necessary values, and upload it to the HSU User Web Server.

Step 2: Password Control

Now create a .htpasswd file. While you can copy this file to any location on the server, it's best to place it in the protected directory. To generate the encrypted password for this file, you will need to use the software tool linked below. Click on the link and follow the instructions. This is where you choose the username and password for the protected directory. 

http://www.htaccesstools.com/htpasswd-generator/

NOTE: Do NOT use your HSU User Name and/or Password

Copy the line that is generated by the program to your .htpasswd file and upload it to the web server. The encrypted text will look something like this:

test:$apr1$34W7v/..$I8RZ2xReMN61TJN5jaOgt1

Step 3: Test

Visit your protected directory to test the access controls.

Related Topics

Central Web, User Web
feedback