orbhost


How do I make a password protected area in my site?


You can make as many private or restricted areas in your site as you wish. The area that needs to be password protected has to be in a separate folder from the rest of the site. It can be inside another existing folder if your site already has a more complex structure (nested folders), or it can be right in your "home" folder (check the drawing below), which is where your main index file (home page) is located.

All you need to restrict access to a folder is the presence of two files:

.htaccess

and a password file, which can be called whatever you wish. However, we suggest you use the name "members" for the password file, as the server is configured not to show the files ".htaccess" and "members" in the directory index that the web server generates automatically when no index page is present in that folder. (See the index filenames available)

To make things even more secure, it is suggested to locate the members file "outside" of the "web tree", that is, outside of the home folder or any subfolder of it. Although the web server may be configured not to list or reveal the presence of such files, it is better to place the file out of the reach of users. Our suggestion is to make a folder in your root account folder dedicated only to password files. The name of that folder and the names of the password file(s) aren't limited; you can call them whatever you wish, as long as you point the .htaccess file to them properly. This allows you to use the same password file for different areas of the site and to manage members in a centralized place.

These two files are all that's needed to handle the protection. The .htaccess file name must be spelled exactly as it is here, with the leading . in front of it, and it must be lowercase. This file is plain text and can be created right on your PC with a text editor such as SimpleText on the Mac or Notepad on the Wintel PC. Unix users won't have any problem knowing what to do on their system to create such a file.

The .htaccess file, once created, can become an integral part of the web site to be uploaded, and can be placed right in the folder to protect, along with the pages and other parts of the site. This file would then get uploaded with the rest and be in the right location automatically. Then all that would be left to do is to create the "members" file on the server. See more details at the bottom of this page on creating it on the server.

The members file could be created along with the .htaccess file, but the password will have to be generated on the server, with the htpasswd utility. That's because the passwords are encrypted, and the creation of such an encrypted password can only be done right on the server.

Users of Wintel PCs may have some problems creating the .htaccess file because of the leading . and the filename rules, which don't let a filename start with a . even though it's common under Unix.

The .htaccess file needs these few lines:

AuthUserFile /usr/users/yourusername/home/yourfoldername/members
AuthName "Private Directory"
AuthType Basic
 
<Limit GET POST PUT>
require user guest
</Limit>

This is just a generic example and will not work as is, because you will have to customize it to your situation as follows:

  • The first line must give the absolute path to your password file as the argument of the AuthUserFile option. Only the fully qualified (absolute) path will work. If you aren't sure of your exact path, ask the webmaster to give it to you. Most of the time, if your site doesn't have its own domain name, your account root folder will be located in /usr/users and the folder name for your account will usually be your user ID. So in this line (see the example above) the "yourusername" part must be replaced by your user ID, and the "yourfoldername" part will be the folder you wish to restrict access to. For better protection, the password file can be located "outside" of the "document tree", that is, outside of the folder called "home". The best place is a special folder in your own "account root folder"; it can also go right in the account root folder, but it's more secure in its own folder. See the bit on permissions to make it as secure as possible.
  • The second line contains the name (or realm name) of the area you are protecting, which will be shown as the title of the authentication window in the user's browser.
  • Leave the third line as shown above.
  • The only line left to customize is the one that starts with "require". Leave the word "user" as it is in the example above and change the word "guest" to whatever you wish the name of the user to authenticate to be. You can keep "guest" and have all users log in as such, with the same password for everyone, or you can add as many user names as you wish, like the example below:
    • require user bob mary harry john becky....
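
A check for the points above, as an added example that is not part of the original page: a shell function that reads an .htaccess file and reports a relative AuthUserFile path, a password file inside the web tree, and a <Limit> block, which applies the require line only to the methods it lists. Both sample files are constructed, and the "passwords" folder name is an assumption.

```shell
#!/bin/sh
# audit_htaccess FILE DOCROOT: prints one line per finding and returns
# the number of findings (0 = clean). Added example, not the host's tooling.
audit_htaccess() {
    file=$1 docroot=${2%/} findings=0
    # Argument of the first AuthUserFile directive, quotes stripped.
    pw=$(awk 'tolower($1) == "authuserfile" { print $2; exit }' "$file" | tr -d '"')
    case $pw in
        "") echo "no AuthUserFile directive"; findings=$((findings + 1)) ;;
        /*) ;;  # absolute path, as the server requires
        *)  echo "AuthUserFile is not absolute: $pw"; findings=$((findings + 1)) ;;
    esac
    # Plain prefix test: symlinks and ".." components are not resolved.
    case $pw in
        "$docroot"/*) echo "password file is inside the web tree: $pw"
                      findings=$((findings + 1)) ;;
    esac
    # <Limit> applies "require" only to the listed methods; others stay open.
    if grep -qi '^[[:space:]]*<Limit[[:space:]]' "$file"; then
        echo "<Limit> leaves unlisted HTTP methods unprotected"
        findings=$((findings + 1))
    fi
    return "$findings"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
DOCROOT=/usr/users/yourusername/home
# Constructed sample: this page's generic example, placeholders left in.
cat > "$tmp/page.htaccess" <<'EOF'
AuthUserFile /usr/users/yourusername/home/yourfoldername/members
AuthName "Private Directory"
AuthType Basic
<Limit GET POST PUT>
require user guest
</Limit>
EOF
# Constructed sample: password file in an assumed "passwords" folder, no <Limit>.
cat > "$tmp/hardened.htaccess" <<'EOF'
AuthUserFile /usr/users/yourusername/passwords/members
AuthName "Private Directory"
AuthType Basic
require user guest
EOF
audit_htaccess "$tmp/page.htaccess" "$DOCROOT" || echo "findings: $?"
audit_htaccess "$tmp/hardened.htaccess" "$DOCROOT" && echo "no findings"
```
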

If you plan on having many such users, it may be better to simply have one or a few users and have many log on as the same user. It is also possible to have groups and users, but this would be a little more complex and is not within the scope of this basic explanation.


Creating the members file on the server

The members file (or whatever else you chose to call it) can be created right on the orbhost server in a few moments. You will need a telnet client, which probably came with your operating system, and you will need to log on to the server (see the instructions to log on). Then you can move into the location where the file is to be created and use the text editor "pico" to create the file. For example, the command "pico members" will open the members file, creating it if it doesn't exist.

Make it more secure with tighter permissions

By taking basic precautions with the permission settings on your files, you can make your private areas more secure. Also by following a few basic rules, you can avoid opening your private files up to prying eyes.

Click here to learn about permissions.


 
