Protecting access to web directories with htaccess



Okay, in an earlier article I was looking at uses of Google that might reveal things you don’t want revealed about your website. Maybe a test directory that you don’t want to be spidered. I want to say that it’s not possible to keep it hidden just by NOT linking to it. That’s what some will suggest, the argument goes along these lines “spiders just follow links, so don’t link to a directory or document you don’t want the web spiders to see.” Spidering bots seem to be a bit more resourceful though, I’ve seen files and folders that I can’t imagine were linked to being picked up in a web search, so how do we prevent that?

For that matter what about the people that might get lucky and guess our testing directory? There’s one answer that can solve both of these problems. It’s done using the .htaccess file.

You’re going to probably need to log into the command shell on your webserver unless your host has a control panel to deal with this. Password protect directories is what we’re going to do.

You need to create a file in the directory that you want to protect, let’s say it’s yourdomain.com/test and the path is /var/www/html/test
AuthUserFile /var/www/html/test/.htpasswd
AuthName protectedtest
AuthType Basic

require valid-user

Ok, this is good save and close, make sure that it is called .htaccess (a period in front of htaccess)

Then make sure you’re in the directory to be protected…

type the following to create the .htpasswd file and setup the first user

htpasswd -c .htpasswd testfolderuser

future users can be added by the following

htpasswd .htpasswd secondtestuser

After each of the above commands you will be prompted for a password for the user and then prompted to confirm it and everything should be set. There are some warnings to go along with this. Don’t put your .htpasswd file in a folder that can be viewed without permission. It’s USUALLY advisable to put it outside of the web-tree somewhere. If you do that, make sure to 1) specify the absolute path in the .htaccess file so .htaccess can find your password list. and 2) when running htpasswd, make sure to specify the absolute path to the .htpasswd file you are changing.

It is possible to have multiple password protected directories using either the same file of usernames and passwords, or a different set of usernames and passwords by using a different filename.

Related Posts

Blog Traffic Exchange Related Posts
  • Custom Error Pages with .htaccess Ok, we've looked at controlling access to directories with .htaccess, but there are other neat tricks we can do that can add a bit of polish to your site. One that I've implemented lately is a custom error page. Now, we've all done this, clicked on a link and get......
  • Site hosting tons of email addresses A little over a year ago I was doing a web search for my email address (something that's worth doing from time to time.) I ran across my name in a text file hosted at a domain called..... http://www.freestuffengine.com/ There is a different site active at that domain now (although......
  • Backing up and restoring MySQL databases In the past few days I've been working on an automated backup system for both my site databases and a few others. I thought I'd take a bit to go through what I've done. It's really simple, but I suspect there are some that either don't realise it's this simple,......
Blog Traffic Exchange Related Websites
  • How to Generate Sitemap Files the Easy Way So you want to generate sitemap files for your website? Finding a sitemap generator that works should be simple… right? Well that’s what I thought too… I was recently working with a customer who had redeveloped their website and now needed a reliable sitemap generator. Once the site was......
  • HostGator Coupon Code - It Works We know that HostGator is one of the famous web hosting service in the world and it is one of the oldest service provider in the market too. With over 12K servers managed world wide, they have helped people to register over 5000K domain names. They are very much proud......
  • How To Adjust Web Hosting Devoid Of Downtime I am positive that if you are visiting this page, you will be interested in change web hosting. Changing from a single internet hosting provider to a different can cause downtime if you do not have the necessary abilities and experience. Here is a step by step guide to aid......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site