We recognize that our users have varying levels of expertise and would like to underline that the following advice is structured for those with no expertise. Those with expertise may wish to not follow our advice. However, we recommend the following approach to password protection and cannot comment on any variations to our approach. Following our advice will allow you to password protect a directory. Not following our advice may lead to protection not working.
In the example shown below, the username is dsl. So, all paths reflect a reference to the username dsl. Your path should reflect a reference to your username. In our example, the directory being protected is named restricted . So, all paths reflect a reference to the protected directory named restricted. Your path should reflect a reference to the name of the directory you wish to protect.In our example, the authorization file (AuthUserFile) is named dslprotect. So, all relevant paths reflect the AuthUserFile named dslprotect . Your path should reflect a reference to the name of your AuthUserFile.In our example, the .htaccess file reflects a path built around the username dsl, the directory named restricted , and the AuthUserFile named dslprotect . Your path should reflect a reference to your username, the name of your protected directory, and the name of your AuthUserFile.
There are four steps to setting up password-protected site directories. These steps should be followed as noted below (where www.example.com represents your domain name):
- Creation of the AuthUserFile and its placement in your home directory on webhost.sover.net
- Configuration of the .htaccess file and its placement in the directory you wish to protect (usually a directory in the www.example.com directory) on webhost.sover.net
- Adjustment of the access.cgi script and its placement in the directory named cgi (do not change the directory permissions) in your www.example.com directory on webhost.sovet.net.
The cgi directory is to be created by you. Make sure you do not change permissions on the new cgi directory when you create it. Running the access.cgi script and inputting the username/password of those to whom you wish to grant access.
For this example the username is dsl. dsl wishes to set-up password protection for a particular directory at her/his web site. For this example that directory is called restricted.
Steps for the implementation of password protection for the username dsl and the directory named restricted are below:
The AuthUserFile is named dslprotect (in this example). You may name this file anything you desire. Create this file using a text editor and save it as a straight (plain) ASCII text file, with whatever name you wish, and no file extension. If you use a word-processor, be doubly sure the saved file is in plain text; some processors try to insert formatting automatically. FTP the file to your home directory on the webhost.sover.net server. This file will contain all relevant usernames and encrypted passwords generated (by your direction) through use of the access.cgi script, and will be referenced in the .htaccess file, as shown below.
- Next, create the .htaccess file. Again, use a text editor/word-processor and save the file as a plain text file, with no file extension.The name MUST be exactly as shown, including the “.” (period) in front. The configuration shown below, for the example directory named restricted, must be typed exactly as shown, replacing the directory name (restricted) and the path for the AuthUserFile with your own information. The file .htaccess MUST reside in the directory you wish to protect:
AuthName "Access into the directory restricted"
The path for your AuthUserFile is determined as follows:
/home = refers to being in your home directory on the server.
/d =replace the d with the first letter of your username
/s = replace the s with the second letter of your username
/dsl = replace the example username, dsl, with your username
/dslprotect = replace the example name for the AuthUserFile with the name you gave your AuthUserFile
- Download the access.cgi file and open it in your text editor. Look for the following line:
You should see it near the top of the file, following the copyright information. Replace the words as indicated in our example, using the name of your protected directory, and the path to your AuthUserFile as determined in step 2 above. In our example for user dsl, the adjusted access.cgi script portion is as follows:
restricted refers to the directory that is being password protected
dslprotect refers to the name of the AuthUserFile residing in the dsl home directory, where usernames and encrypted passwords (encryption done automatically by the modified access.cgi script) will reside.
/d/s/dsl refers to the path to the AuthUserFile as determined in step 2
Make sure there are no blank lines at the topmost portion of your adjusted access.cgi script.
Once this file is adjusted/saved with the name access.cgi, it must be FTP'd to the directory named cgi in the www directory found in your home directory on webhost.sover.net. Do not change the directory permissions, but make sure that proper permissions are set on this script. This can be done through the use of your FTP client. The permissions should be 705 (ie: owner can read, write, execute; world/others can read, execute). If you are not familiar with the setting of permissions, you must become so. Check the help files supplied with your FTP client.
- Once the above files are in their proper places you must run the access.cgi script.
In order to run the script in our example we would type the URL for it in a browser’s address bar:
Replace “exampledomain.com” with your own domain name; the CGI directory and access.cgi portion of the URL should work as is, if you have followed these instructions. A prompt will ask you to create the admin password. The script will create a file to store this info.
Next, you’ll be prompted to create the usernames and passwords for those to whom you wish to grant access. The script will create a file to store this info as well.
Once you have done this, and distributed relevant usernames & passwords, individuals will be able to enter your restricted directory. For an example, visit http://www.dsl.windham.vt.us/restricted/Wemust.html. Input a username of leach and password, realpeople.
Tip—Once you have your access.cgi script up and running, there may come a time when you forget your admin password. Should this happen, simply FTP into your CGI directory and delete the file named password.txt. This file was created automatically when you first ran your script. It contains the admin password.
Once this file is deleted, return to your access.cgi URL (which you, certainly, have bookmarked) and you'll be asked to select a new admin password. Do so and you'll be off and running again.
Deletion of the password.txt file will not affect any usernames/passwords you have assigned to those to whom you have granted access to your protected directory (all of which you, presumably, have written down somewhere).