Limiting user access to a web page
The web server we use here at rdwarf.com is Apache, which is a very powerful and
complex server providing many useful features. Most of these features
must be configured at the system level, and users needn't worry about
them. There are several things that can be set up on a per-user basis,
One of those things is security. For any particular set of web pages a
list of users may be defined, and those users given passwords. If someone
does not have a user name and matching password, they are unable to see
This is not the most secure mechanism imaginable. The passwords are
sent over the Internet as plain, unencrypted text, and may be intercepted
between the user and rdwarf.com. While stored on rdwarf.com, they use
an old-fashioned and relatively easily broken storage mechanism. If the
pages in question require very secure access, this is not an appropriate
mechanism. However, for many things it will more than suffice.
Setting the secure directory and files up
- First create your directory. Make sure it has a name you'll remember
easily as being secure. I tend to use <word>secure
for my secure directory names.
- Once you've created the directory, create two files within
it: .htaccess and .htpassword. The first file,
.htaccess, is responsible for enabling security, and the second
file, .htpassword, defines who has access.
- Last, make your index file for your new secure directory. Make sure
everything links up to where you want it to.
The .htaccess file
Open the .htaccess access file. Paste in the following:
AuthName "<Area Name>"
Notes on each line:
- You need to replace the <Area Name> (but not the
quotation marks) in the AuthName line with whatever name you're
going to use when you define this secure area -- it's what will come up
in the login/password box/browser. You can also name more than one page
with that name. If you do so, it will only ask for passwords once per
session. This way multiple pages can use the same passwords and not be
constantly pestering the user for passwords.
- The AuthType sets the type of authentication to the kind
we use. You don't need to do anything with that line.
- The AuthUserFile line lists the complete path to the
.htpassword file to be checked for passwords. Make sure you
get it right! It can be anywhere in your home directories, and
different files or pages can point to the same one. That means you can
have several directories that use the same set of users and passwords. An
example for my rdwarf directory:
- The require valid-user line means a valid username and
password is necessary to display the page. Nothing need be changed
The .htpassword file
The following is how to create the contents of the .htpassword
file, so that it will manage the .htpassword files for
you. Don't open the file to do this -- do it at the prompt