This page will show you how to add server side password protection to a directory on your website. It assumes that your web site is hosted on an Apache server (most are). To do this you must be able to use .htaccess configuration files with your webspace. You will have to check with your ISP to see if they allow this. Generally commercial web space providers may allow you but free space providers very rarely will. There are various other weird protection methods involving Java but these methods are often not very secure.
Important: - This page assumes that you are a fairly experienced computer user and know how to use UNIX/Linux telnet commands. If you don't then you may not manage to follow these instructions.
To be able to password a directory, and all the files in it you need to:
A .htaccess file allows you to set up a number of preferences for the folder in which it is places. The example one below is set up to protect the directory at http://www.advancedhtml.co.uk/password/ by only allowing access to this directory if you know a valid username / password combination. /home/username/html/password/ is the UNIX path to the protected directory. You will have to change this line so that it refers to the directory that you want to protect. The encoded passwords are stored at http://www.advancedhtml.co.uk/password/.htpasswd and the configuration file is at http://www.advancedhtml.co.uk/password/.htaccess
To create the password file you will need to use the UNIX program 'htpasswd'. You can either use it directly from your web server if you are allowed shell access or you will have to get access to a UNIX computer and create the .htpasswd file from there. Below is the password file that is in the 'password' directory. The word befor the colon is the user name and the string after the colon is the encoded password.
Below in bold is what you type in to create a user called 'demo' with the password 'password' in a file called '.htpasswd'. The bits in bold are what you type in.
[root@procyon /root]# htpasswd -c .htpasswd demo Adding password for demo. New password: password Re-type new password: password
The '-c' option creates the file. To add more users and passwords to the file simply miss out the '-c' option. The htpasswd program comes as part of the Apache web server.
Password Demonstration - Type in 'demo' for the user and 'password' for the password.
If you get stuck then try downloading my demonstration set of files. All you have to do is upload them change the dirctory path to the password-protected directory and set up the correct file permission. Password Demo Files .
Adding More Security
#Example .htaccess File
deny from all allow from demon.co.uk AuthUserFile /home/username/html/password/.htpasswd AuthGroupFile /dev/null AuthName PasswordDemo AuthType Basic <Limit GET> require valid-user </Limit>
This would only allow access to people who know the right password AND who are on the ISP Demon. This therefore makes it a lot harder for someone from a .com or .net domain name to hack into your protected pages as only demon.co.uk domains are allowed.
You can also ban specific domains, which will prevent people from this domain from accessing any of the pages on your site.
#Example .htaccess File
<Limit GET> order allow,deny deny from badguys.co.uk allow from all </Limit>
This will prevent all people from the badguys.co.uk domain from accessing your site.
I have a page on using .htaccess files for a variety of other purposes.