created your own website…mydomain.com. Nothing elaborate, just a simple way
of expressing yourself on the Internet. You would like to create a password
protected area so that you can post your resume, some pictures of your family
or your portfolio and only give access to certain people. Plus, it just looks
cool! There are many ways to accomplish this and if you have very highly sensitive
material, you may need to learn more secure methods that employ CGI script or
my first website to be a training ground and do not have any illusions that
the site is “hack-proof.” I wanted to see if I could create a simple, no frills,
password protected area on my website, and guess what I discovered?…YOU DON’T
HAVE TO BE A COMPUTER GENIUS TO…Password Protect Your Website!!!
Here’s a step-by-step
guide of what I did. ONE DISCLAIMER. I WILL BE DESCRIBING THE STEPS I TOOK
USING THE WEBHOSTING AND SOFTWARE SERVICES I HAVE CHOSEN. IF YOU HAVE DIFFERENT
BACK-END SUPPORT, YOU WILL HAVE TO ADJUST ACCORDINGLY.
- Web2010 as my
hosting company, using UNIX
- WS_FTPLE (32-bit)
for my file transfer protocol
as my web page designing software
- Telnet program
used to connect to the UNIX Shell on Web2010's servers so I can create and
modify directories and files on my site
- PICO, a simple
text editor in Telnet
types in the address of your website, your web server checks for a file named
.htaccess. (.htaccess has many functions other than triggering password protection,
such as enabling a counter on your website) before displaying the page. If
the .htaccess file is present in a protected directory AND contains the right
code, your server will pop-up a box prompting the user to enter the approved
user name and password.
I did not want
to password protect the first page of my website, but I did want to create an
area where I could limit access. Although, I had not yet decided what to put
in my password protected area, I wanted to create one.
Here’s what I needed
Create a new “protected” directory in the “www” directory on the root
directory of my account (The root directory is the first set of folders and
files that pop up when I connect to my web server. “www” is one of those directories
where all of my web pages are stored);
Create my “.htpasswd” file;
Create a “.htaccess” file. (Note, the “.” Before the “ht” in both!).
IMPORTANT. Using Telnet to create directories and files directly on Web2010’s
UNIX servers is a lot like writing in DOS. You must type all spaces and characters
should always be named in small letters, not CAPS!
- Create a
folder (or directory) called “protected.” First, I went to START on Windows
98, clicked on PROGRAMS then I clicked on my WS_FTP program and connected
to my remote site on Web2010’s servers. WS_FTP will display a split screen
where files on the left-hand side are within my own computer. The several
folders on the right-hand side such as cgibin, docs, logs, www, as well as
files such as .domains and .mreply.rc make up my “root directory” and show
I’ve made a successful connection to my web site. The files I want visible
to people's web browsers are in my Document Root (i.e., the “www” directory).
I opened the “www” directory and clicked MkDir (make directory.) To make
things simple for myself, I called my new directory “protected.” Of course,
it can be named whatever you want.
- Create .htpasswd
within my new “protected” folder (or directory.) Now that I had an empty
directory called “protected,” I needed to fill it with a ".htpasswd"
(note: the spelling of .htpasswd) file and a ".htacess" file. I
had to telnet the UNIX shell on Web2010’s server to create these files. Windows98
comes with a basic Telnet program so I went to START, then RUN and typed telnet
mydomain.com (Hit ENTER). A white screen popped up (in the DOS style)
and prompted me for my login and password. This is the same login and password
that I use to FTP Web2010. What came up was the path to my website on Web2010’s
servers: www26:/mnt/web/guide/yourdomain #. Then, to get inside the
new directory to create my files, I typed cd /mnt/web/guide/mydomain/www/protected.
(Note: space after "cd" and remember to to replace "mydomain"
with your actual domain prefix only and NOT the ".com".) I then
hit ENTER. Once inside the directory, I typed in htpasswd
(no "." before the ht this time) and the screen displayed the commands
used to create the .htpasswd file. It listed off flags I could use. To create
a new .htpasswd file I typed htpasswd –c .htpasswd johnsmith (Note: no "."
before the first "htpasswd" and spaces before and after "-c".
The –c is the flag which indicates that a new file needs to be created and
the first user name I chose was johnsmith. After hitting ENTER, I was prompted
to put in a password for johnsmith and then I confirmed that password. (Of
course, you can pick any user name or password) After the user and password
were entered, the Telnet program displayed the path to my new protected area:
www26://mnt/web/guide/yourdomain/www/protected#. To confirm my work,
I typed cat .htpasswd (Note: space
before ".ht") on that same line and what came up looked like this
- Create .htaccess
within my new “protected” folder (or directory.) Now that my ".htpasswd"
file had been created, it was time to set up my ".htaccess" file
in my new protected directory. On the TELNET screen, the path displayed was:
www26://mnt/web/guide/yourdomain/www/protected#. On that same line
I typed pico, one of the built-in text editors that
is part of the TELNET program. (You can use any text editor, such as NotePad,
but you have to remember to save it as ".txt" and change the file’s
name to .htaccess. You then can upload the file to the directory you want
protected.) I just used PICO because it was the easiest. At the white blank
screen I typed exactly what’s in the box below. OF COURSE, REPLACE YOUR DOMAIN
NAME AND PROTECTED DIRECTORY NAME WHERE INDICATED. IMPORTANT: Capitalization
and spaces matter. Hit ENTER after each line. For ease, I’ve indicated the
spaces with a “*” BUT DON’T ACTUALLY TYPE THE “*.”
After I checked
to make sure I input my actual domain name and the name of my protected directory
in the AuthUserFile above and double-checked capitalization and spaces I hit
CTRL X on the keyboard to save the file in PICO. At the “do you want to save
this modified buffer” prompt, I typed y for yes. I named the file ".htaccess" (no quotes) and hit ENTER.
User Access. After creating my password protected area, I decided to
allow another user to access that directory. I ran my TELNET program again.
Typed in my user name and password. My remote site came up: www26:/mnt/web/guide/yourdomain#.
I changed directories to my protected directory by typing cd
/mnt/web/guide/yourdomain/www/protected. (hit ENTER). Now inside
my password protected directory I typed htpasswd .htpasswd newuser (Note: Remember to type in the name of
your new user. Also, there is no "." before the first "ht",
but there is a "." before the second one. Also, there is space
before ".ht") and hit ENTER. It will prompt you to give a password
for “new user” and confirm it.
Edit .htaccess in PICO. If you’re password protected area is not working,
there may be many reasons. One may be a “typo” in your ".htaccess"
folder. For example, Web2010’s server address begins with /mnt not mnt.
If you think you made this mistake, go back to TELNET. Call up your password
protected directory. In my case that means typing in cd
/mnt/web/guide/yourdomain/www/protected. Hit ENTER. Then type
pico .htaccess. (Note: space
before ".ht") Your .htaccess file in your password protected directory
will pop up and you can edit it and resave (CTRL X) and overwrite the old.
Another problem might be that your directory name is too long. Try to keep
the name of your password protected folder under 12 letters.
- Create index.html.
The first page displayed of any directory is “index.html.” As my final step,
I had to create an index.html page in Dreamweaver and FTP it to my newly created
“protected” directory. I connected to FTP, went into my “www” directory and
then went into my “protected” directory and then I transferred the "index.html"
file. IMPORTANT: Remember to FTP the "index.html" file to the
protected directory or it will appear as the first page of your website.
© 2000-2001 Marlene Hollander. All rights reserved.