Password Protecting your Web Pages

These instructions will walk you through password protecting directories in your web site. Further information about the capabilities of the program providing this functionality (htaccess) can be found here.

These instructions require some familiarity with using a UNIX shell. Commands that are supposed to be typed in the UNIX shell will be in blue.

1. Log in to your shell account.
2. Change to the directory you want to protect. cd /home/{your username}/public_html
3. Create or Edit the .htaccess file: pico .htaccess
4. You don't need to use Pico. Any text editor will do. Enter the following into your .htaccess file: AuthUserFile /home/yourusername/public_html/.htpasswd
AuthGroupFile /dev/null
AuthName "Test of Security Stuff"
AuthType Basic

<Limit GET>
require user billy bob

</Limit>


   The text next to AuthName can be set to whatever you like. The names billy and bob are the usernames of the people you want to be able to access the page. They do not need to correspond to usernames on SpiritOne's system. Those usernames can be anything you want.

5. Next, create the password file. This is done by invoking a program called htpasswd. Make sure you're in the directory you want to protect. /usr/bin/htpasswd -c .htpasswd billy

   "billy" is the initial username in the require user portion of the .htaccess file. If you used a different username in the .htaccess file, use that username here in place of "billy".

   /usr/bin/htpasswd .htpasswd bob

   This command adds additional users specified in the .htaccess file you created above. If only one user will be accessing the page, this step can be skipped.

6. Now we have to make sure the web server can find your passwords:
   
   chmod 0604 .htpasswd
7. You're done. Try to access the page you protected now. You should be challenged for a username and password.