Password protecting a directory (easily.co.uk)

Recently I had some difficulties setting up a password-protected directory on my server, which is hosted at Easily.co.uk.
The response from Easily’s helpdesk was less than encouraging:

Please note that we do not provide such support to help you configure the site.

so I had to make do with the information I could dig up myself on the internet.
After about a week of struggling, and with the help of the good people at this USENET group, I finally managed to get it to work.

I’ve written a quick how-to, which I hope will help anybody else who comes across this problem in the future. Assuming search engines archive this page and people are able to find it, of course…

First of all, don’t try to call your password-protected directory "admin". It seems that Easily have set up some kind of override on authentications for directories with that name. Other names should work OK.

In the directory to be protected, create a text file called .htaccess. This is the file that will control the access to the directory.

The content of the file should be as follows:

AuthUserFile /home/sites/domain/users/username/web/dirname/.htpasswd
AuthType basic
AuthName domain.co.uk
Require valid-user

where domain is the name of your domain, for example http://www.mydomain.co.uk, and username is the username you use to connect to your server via FTP.

The most important part of the .htaccess file is the AuthUserFile parameter. This specifies the location of the password file. Note that the directory is within the user area of your server. Putting it here means that it can’t be downloaded and attacked to find out the passwords.

The next step is to create the password file itself. Create a text file called .htpasswd and upload it to the dirname directory in your user area. The content of the file should look something like this:

bob:Vm3a1yNK60ir6
bill:E0qhQ9Y4u6c3Q
fred:Oxc2T9Bc0ct0Y

where each line specifies a username and an encrypted password. You can generate your own username and password combinations here.

And that should work. The only files you need to have in your protected directory are the .htaccess, your index file, and any other content that belongs there. You can even copy the same .htaccess file to other directories on the same server to protect them too.

References:

Advertisements

Tags: ,