How do I password protect a directory on my Web Site?

If you have a Legacy Advanced or Premium Shell Account or a VPS with Shell access you can set up a simple user authentication.

Let's say you want to restrict access to the directory "secret" to those with a valid username and password.

http:/yourdomainname/secret/

Configuration

Following the steps below.

1. log on to your account using an SSH client.

   Use your account FTP host as hostname (usually your domain name), and the FTP loginname and password that have been provided to you with your setup information.

2. Create a file named .htaccess in your /docs/secret directory that allows only allow one user (Fred) to access the directory. The .htaccess file must reside in the /docs/secret directory in order to control access to the docs/secret directory.

   You can create the .htaccess file while connected SSH to your Virtual Server (using a file editor like pico, for example)
   or you can create the file on your own PC and Upload it via FTP to your Virtual Server. The file should contain the following text:
   Substitute your Virtual Server login name for <loginname> below.

   AuthUserFile /usr/home/<loginname>/etc/.htpasswd
   AuthGroupFile /dev/null
   AuthName MySecrets
   AuthType Basic
   
   <Limit GET>
   require valid-user
   </Limit>

3. Now log on to your account using an SSH client.
   
   Use your account FTP host as hostname (usually your domain name), and the FTP username and password that have been provided to you with your setup information.
   Good SSH clients include:

   • Windows: SecureCRT ( $99), PuTTy (Free)
   • Mac: NiftyTelnet 1.1 SSH (freeware)
     

   You can also check for other free SSH clients for Mac and Windows on the OpenSSH web site.

   SSH Set Up:

   Settings for your SSH software should be:
   

   • Protocol: SSH2
     ( for SSH2, the "SSH Server Type" should be: "Standard")
   • Cipher: 3DES
4. Create a directory/folder named /etc/ and give it permissions 777
5. Use the htpasswd command to set a password for the new user.

   Substitute your Virtual Server login name for loginname below.

   % htpasswd -c /usr/home/loginname/etc/.htpasswd Fred

   You are free to use a different name or directory location for the password file. Just change the /usr/home/loginname/etc/.htpasswd line in the .htaccess file above to whatever you want.

   Note: When adding users to an existing .htpassword file, Don't use the -c flag.
   The -c flag indicates that you are adding a user to the .htpasswd file for the first time. When you add more users and passwords to the same .htpasswd file, do not use the -c flag, as that will erase all your previous entries in the file.

   Use:

   % htpasswd /usr/home/loginname/etc/.htpasswd Bill
   % htpasswd /usr/home/loginname/etc/.htpasswd Rick

NOTE:

When you set up your .htaccess files, you specify the AuthUserFile or AuthGroupFile with respect to your home directory. However, when you set up your .htpasswd files with the htpasswd command you need to prepend /usr/home/loginname to the directory specification.