|
|
 |
|
|
|
|
|
 |
|
 User's Guide Client List
|
|
12. LIMITING USER ACCESS TO A WEB DIRECTORY You can create a protected directory on your web site that will activate a dialog box on the browser asking for user name and password. Here are instructions for creating a directory named protected to hold files protected by a username and password. This new directory will be created as a subdirectory under your web directory. For security reasons, the file containing user passwords will be created in the top level of your home directory (outside of your web document tree). Create a directory under your web directory to hold your protected file(s). After completing a telnet login, go to your web directory: Type: cd web Create the password protected directory. We are using a directory named protected in this example, but you may use any name you wish. Type: mkdir protected In your new directory, create a text file named .htaccess to tell the web server that this directory is going to require user names and passwords. Remember, the leading period in the file name will make this a hidden file. Go to your protected directory: Type: cd protected To create your .htaccess text file: Type: pico .htaccess Enter these lines into your text file, replacing the word username with your own username:
AuthType Basic
AuthName "Protected Access"
AuthUserFile /home/username/passfile
<Limit GET POST PUT>
Require valid-user
</Limit>
In pico, exit and save your file:
Press <Control-X> Type "y" Press <Enter> Go to the top level of your home directory: Type: cd Create the password file named passfile: Type: htpasswd -c passfile userid In the above command, replace userid with the name that you want to add to the list of allowed users. Htpasswd will then ask you to create and verify the user's password. To add a user to an existing file or to change a user's password, just omit the -c option. That should do it! Any hyperlink to the protected directory or any of it's files should prompt the browser to ask for a user name and password. Here's an explanation of the lines contained in your ".htaccess" file: AuthType BasicThis is a required line. AuthNameThis word or phrase (spaces are allowed) is displayed on the user's browser when the user is asked for a user name and password, and gives some indication as to the authorization realm, so that the visitor knows which user name and password to enter: AuthName "CyberHyper Private Support Area" the browser would say Enter user name for CyberHyper Private Support Area at www.yourdomain.com. AuthUserFileThis is the full pathname to where an encrypted file holding the passwords is located. If this file was named passfile and was located in the top level of Jose's home directory, this line would be: AuthUserFile /home/jose/passfile <Limit GET POST> Require valid-user </Limit>These three lines tell the web server to look for a valid user name and password in the password file specified by "AuthUserFile". If you wish to configure multiple password-protected directories and limit access to each directory to a specific user name and password, you can use a Require directive that specifies that user: <Limit GET POST PUT> Require user username </Limit>For example, to specify that access to this directory should only be allowed to jose, then the directive would read: <Limit GET POST PUT> Require user jose </Limit>
|
|
Copyright © 1995-2009 Clearlight
Communications Inc., Kent, Ohio USA U.S: 877-801-3231 * International: +1.3306771911 * email: sales@clearlight.com |
