Password Protection:

Introduction This is a tutorial on password protecting directories using .htaccess files. You will need to use Telnet for this one. However, we will walk you through the steps necessary, and try to make this as easy to follow as possible.

About Telnet
First, we should talk about Telnet. Basically, when you use a Telnet program, you are logged in to the server as though you are sitting right in front of it. Think of it like sitting in front of a DOS prompt - with the exception that the computer is running Linux and it is in Florida.

Do not let the Linux operating system intimidate you. It is similar in ways to DOS. If you are familiar with DOS or another command line environment, you should have no trouble at all. To accomplish the task at hand, this tutorial should be simple to follow even if you have no command line experience whatsoever.

For this tutorial, you can use any Telnet client you like. If you are running Windows, you already have one installed. Click on the Start button and select the RUN option then type the word telnet into the box and click OK. This will open Windows Telnet client.

Next, click on Connect from the menu, and click Remote Host. For the Host Name, type in your domain name (eg www.yourdomain.tld), then press enter (the other settings are fine with their defaults).

You will be prompted for a login. Type your username and press Enter. Then you will be asked for a password. Type your password and press Enter.

At this point you should be logged in, and you should see a prompt that looks something like this:

[username@FQ-Six:~ ]$
Username will be replaced with your login name. This is the shell prompt. To make sure you are in the directory you need to be in, type this:

cd /big/dom/xdomain
The name SIX shown above is the name of the server. You may see a name like TAZ, NINE, or SEVEN, etc if you are a different FutureQuest® server. Make sure to replace domain with your domain. Only use the domain name, not domain.tld. You should then see this prompt:

[username@FQ-Six:/big/dom/xdomain ]$
Creating a new user

Step 1: Create Password File

Next we need to create a new user. But first we need somewhere to place our password file. The next step is to create a directory to store the password file. You can call this anything you want, but remember that it is not accessible from the web, so it doesn't have to be hidden. For this tutorial, we will use protect. Type:

mkdir protect
Now that we have a place to store our password file, let's create it. We will call it passwords for this tutorial. To do this, make sure you have a username and password ready. Let's assume the username is john. Type:

htpasswd -c /big/dom/xdomain/protect/passwords john
It will now ask you for a new password for john. It will ask for this twice, to confirm. Type it twice, pressing Enter both times.

Now, if you want to add more users to the passwords file, just type:

htpasswd /big/dom/xdomain/protect/passwords username
where username is the name of the new user to add.

Only use the "-c" to create a new file.

If you need to change a user's password, just type:

htpasswd /big/dom/xdomain/protect/passwords username
You will be prompted for the new password twice. You will not need to type the old password.

We are now finished with the Telnet part, so type exit and press Enter to end the Telnet session.

Step 2: .htaccess
The next step is to create an .htaccess file to be placed in the directory to be protected. This can be done in Notepad unless the directory you are trying to protect is your stats directory. There is already a .htaccess file within your stats directory so you will need to add the following information into the existing .htaccess file while still in telnet.

For your STATS directory: Type

cd ../www/stats {enter}
mcedit .htaccess {enter}

You are now inside of the .htaccess file. For other directories you may use Notepad, to complete the task. Type the following within the .htaccess file either from telnet, if protecting stats, or within a notepad file:

AuthUserFile /big/dom/xdomain/protect/passwords
AuthName "Restricted_Access"
AuthType Basic
require user username
Make sure to replace username with a username that you have entered in your passwords file. You can also use something other than Restricted_Access, as this is the prompt that will be displayed to the user when they are prompted for a password. Note, however, that it can only be a few characters. You should also avoid using spaces with the AuthName to prevent strange behavior with certain browsers.

This will only allow the user specified to have access to this directory. But what if you want more than one user to have access, each with their own username / password?

To do this, change the last line to this:

require valid-user
This will allow anyone entered in the passwords file to have access. Now that this is done, you can save the file and upload it (ASCII / text format) to the directory you want protected. Note that this will also protect any directories inside of that directory. The F2 key will save the file if working within telnet.

You may need to save the file as htaccess.txt, as some text editors will not allow a filename preceded with a dot. (HINT: in Notepad, you can type ".htaccess" with the quotes in the Save As dialog)