Image-Website Hosting Canada logo Maple Leafs and Canadian Flag
Image-server racks, control cards, customer service, networking cards

 Virtual Servers
 Collocation Servers
 Dedicated Servers
 Compare Plans
 Create-a-Server
 Online Support/FAQ
 Web Design
Our Awards

ORDER NOW
 
Image - 30 Day Money Back Guarantee on Hosting Services
 
 
 

What You Need

You will be executing commands directly on the web server, and the only way to do it is via SSH. SSH is basically a secure form of telnet and you can use SSH to do anything you might typically do with telnet. So, you must have a SSH client to connect to the web server via SSH.

You will also need a FTP client if you want to create your .htaccess file on your own system, then upload it to the web server. Please note that if you create your .htaccess file on your system, then FTP it to the web server, you must save the file as plain text on your system and FTP it as ASCII.

The only other thing you need is a FTP/SSH account from WHC. This would simply be your FTP account information that you received when your service started. To connect via SSH you would just use the same hostname, username, and password as your FTP account.

Step By Step Instructions

Let's suppose you want to restrict files in a directory called members to username memberone with password memberonepassword. Here's what to do:

(1) Create a file called .htaccess in directory members that looks like this: 

    AuthUserFile /home/USERNAME/.htpasswd
    AuthName "restricted access"
    AuthType Basic
    <Limit GET>
    require valid-user
    </Limit>

IMPORTANT NOTES:
  • In the AuthUserFile line, replace USERNAME with your ftp username.
  • The .htaccess file MUST be an ASCII text document
    • A .htaccess file can be created in any word processor but MUST be saved as text only
    • IF you upload your .htaccess file via FTP, the FTP client MUST be set to ASCII mode for transfer
  • For security reasons, the .htaccess file on the server cannot be seen in a directory listing. If you don't see it after uploading it, don't worry.

Also note that AuthName can be anything you want. The AuthName field gives the Realm name for which the protection is provided. This name is usually given when a browser prompts for a password, and is also usually used by a browser in correlation with the URL to save the password information you enter so that it can authenticate automatically on the next challenge.

(2) Use the htpasswd command, from your root directory, to create
       a password file called .htpasswd in your root directory:

SSH to your root directory. This is simply done by connecting with your SSH client and NOT entering any path, and NOT changing directories after connecting.

After connecting to your root directory via SSH, enter: 

    htpasswd -c .htpasswd memberone

Type the password -- memberonepassword -- twice as instructed.

That's all. Now try to access a file in directory members -- your browser should demand a username and password, and not give you access to the file if you don't enter memberone and memberonepassword.

Button: Back to top

Multiple Usernames/Passwords

If you want to give access to a directory to more than one username/password pair, follow the steps above to create the .htaccess file and to create the .htpasswd file with one user. Then, add additional users to the .htpasswd file by using the htpasswd command without the -c: 

    htpasswd .htpasswd membertwo
    htpasswd .htpasswd memberthree
    htpasswd .htpasswd memberfour


Changing Passwords

If you want to change the password for an existing user, simply issue the same command as when you added the user. You will then be prompted for a new password. For example, if the user membertwo already exists and you want to change the password, just SSH to your root directory and enter: 

    htpasswd .htpasswd membertwo


Password Protecting Multiple Directories

If you want to password protect multiple directories, and allow all users access to all password protected directories, then all you need to do is put the same .htaccess file in each directory that you want to password protect.

However, if you want to password protect multiple directories, and only allow certain users access to each directory, then you can create a different password file (all in your root directory) for each password protected directory.

Let's say you have 3 different directories (members, admins, board) you want password protected, and each one has a different set of users that you want to allow access. Then just do the following:

Create three .htaccess files and put them in their appropriate directory: 

    AuthUserFile /home/USERNAME/.htpasswd.members
    AuthName "restricted access"
    AuthType Basic
    <Limit GET>

    require valid-user
    </Limit>

    AuthUserFile /home/USERNAME/.htpasswd.admins
    AuthName "restricted access"
    AuthType Basic
    <Limit GET>
    require valid-user
    </Limit>

    AuthUserFile /home/USERNAME/.htpasswd.board
    AuthName "restricted access"
    AuthType Basic
    <Limit GET>

    require valid-user
    </Limit>

      REMEMBER, replace USERNAME with your ftp username (in lower case).

Create three .htpasswd files in your root directory: 

    htpasswd -c .htpasswd.members memberone

    htpasswd -c .htpasswd.admins adminone

    htpasswd -c .htpasswd.board boardmemberone

That's it. Now when you need to add a user to one of the directories, just issue the htpasswd command on the appropriate .htpasswd file.



NOTE: There is NO correspondence between the usernames and passwords used for any WHC accounts on any WHC servers and usernames and passwords in any specific .htpasswd file. A user does NOT need to have an WHC account in order to be validated for access to password protected directories.

Button: Back to top
 

 Sitemap Privacy Site Use Contact us

website optimization services provided by OTR Web Systems Copyright 2001 - 2004 All Rights Reserved