Kaali Global
| Blog|Hands on|
 
HTTP Authentication
When you create a website, you want as many people as possible, to read your pages. There are, however, situations when you want to restrict access to your site's content. For this purpose, HTTP user authentication was designed. This article describes how to set up HTTP user authentication for web servers that use '.htpasswd' and '.htaccess' files, such as the CERN and Apache web servers.Check with your ISP/systems administrator of your hosting company for information if you need information as to which web server they use.
 

With User Authentication you can specify that only certain people can acces your pages, based on :


  • Username/password-level access authorization.
  • Rejection or acceptance of connections based on Internet address of client.
  • A combination of the above two methods.

Access control for a given directory is controlled by a specific file in the directory with the name .htaccess

So let's suppose you want to restrict files of user kaali in a directory called hosting to username user1 and password passwd1.

Here's what to do:

Create a file called .htaccess in kaali's directory hosting that looks like this: 

AuthUserFile /home/kaali/.htpasswd
AuthGroupFile /dev/null
AuthName Kaali Web Hosting
AuthType Basic
require valid-user

AuthUserFile must be the full pathname of the password file. This path can differ per ISP, so you'll have to contact your technical support contact for it, if the above stated example doesn't work.

Also note that in this case there is no group file, so we specify /dev/null (the standard Unix way to say "this file doesn't exist").

Create the password file /home/kaali/.htpasswd

All you need to do is fill in a name, the password and then re-type the password. The password calculator calculates a different encrypted version every time you run it, this is not something to be alarmed about.

Using cut & paste (or by simply typing the password over) you save all the lines in the password file, and upload that file to the server. A normal password file that allows access to User1, User2 john would look something like this :

User1:
User2:

It's crucial that you press enter after each line (the last line should be an empty one, not a line with a password entry in it) and that you upload the file as 'TEXT' or 'ASCII'. Also, keep in mind that these lines are case-sensitive; you should enter a capital as a capital and a lower-case character as a lower-case character.

That's all. Now try to access a file in the hosting directory -- your browser should demand a username and password, and not give you access to the file if you don't enter the correct password. If you are using a browser that doesn't handle authentication, you will not be able to access the document at all.
Hands on...
Author: Arvind Sharma, last update: 11th Sep 2009
Print this page
| Blog |Hands on | Site map |Tips |
© 2005 - 2010 Kaali. All rights reserved.