How To Password Protect Files and Directories 
=============================================

.. note::

   This task must be completed at the CLI. SiteWorx users who do not have shell access should contact their 
   hosting provider.

htpasswd, in conjunction with an .htaccess file, can be used to password protect specific files and directories. 

Detailed information on htpasswd can be found `here <https://httpd.apache.org/docs/current/programs/htpasswd.html>`__.

.. contents::

Creating the htpasswd File
--------------------------

#. Log in to the server at the CLI as either root (if the Server Administrator), or the SiteWorx account shell 
   user, either via SSH or from the terminal
#. Navigate to directory that needs to be password protected, replacing {unixuser}, {domain.com},. and {directory path}
   with the corresponding information
   
   .. code-block::

      cd /home/{unixuser}/{domain.com}/{directory path}
 
   Example, where the directory that needs to be password protected is called ``protected``, and is located 
   under the domain's ``html`` directory:

   .. code-block::

      cd /home/user/example.com/html/protected

#. Create an .htpasswd file by running the following command, replacing {unixuser}, {domain.com}, {directory path}, 
   and {user} with the corresponding information. {user} should be the user that should have access to the directory. 
   
   .. code-block::

      htpasswd -c /home/{unixuser}/{domain.com}/{directory path}/.htpasswd {user}  

   Example:

   .. code-block::

      htpasswd -c /home/user/example.com/html/protected/.htpasswd admin


#. Follow the prompts to create the user password. Example

   .. code-block::

      [root@server protected]# htpasswd -c /home/user/example.com/html/protected/.htpasswd admin
      New password:
      Re-type new password:
      Adding password for user admin
      [root@gserver protected]#

#. Run the above command again, ommitting the ``-c`` flag, for any other users that should have access to the directory
   Example: 

   .. code-block::

      [root@server protected]# htpasswd -c /home/user/example.com/html/protected/.htpasswd seconduser
      New password:
      Re-type new password:
      Adding password for user seconduser
      [root@gserver protected]#

#. The .htpasswd file includes the list of users that has access to that directory, along with an encrypted 
   password hash. Example:

   .. code-block::

      [root@server protected]# cat .htpasswd
      admin:$apr1$AlDZ/BuC$wufy0Ugc0Uj8FWXIse3Bb.
      seconduser:$apr1$udf2IG9M$h/VK.VXagLBYG..uQf4Nu.
      [root@server protected]#

#. Update the permissions on the ``.htpasswd`` file. They should be ``644`` and ``{unixuser}:{unixuser}``, replacing 
   {unixuser} with the corresponding information

   .. code-block::

      chmod 644 .htpasswd
      chown {unixuser}:{unixuser} .htpasswd

Creating or Modifying the htaccess File
---------------------------------------

#. Log in to the server at the CLI as either root (if the Server Administrator), or the SiteWorx account shell 
   user, either via SSH or from the terminal
#. Navigate to directory that needs to be password protected, replacing {unixuser}, {domain.com},. and {directory path}
   with the corresponding information
   
   .. code-block::

      cd /home/{unixuser}/{domain.com}/{directory path}
 
   Example, where the directory that needs to be password protected is called ``protected``, and is located 
   under the domain's ``html`` directory:

   .. code-block::

      cd /home/user/example.com/html/protected

#. Using a text editor create, or open, a file named ``.htacces``. The following example uses the Vim text editor:
   
   .. code-block::

      vim .htaccess  

#. Add the following lines, replacing {path to .htpasswd file}, {file}, and {extension} with the corresponding 
   information where applicable:  

   - To protect the entire directory: 

     .. code-block::

        #Protect Directory
        AuthName "Dialog prompt"
        AuthType Basic
        AuthUserFile {path to .htpasswd file}
        Require valid-user

     Example:

     .. code-block::

        #Protect Directory
        AuthName "Dialog prompt"
        AuthType Basic
        AuthUserFile /home/user/example.com/html/protected/.htpasswd
        Require valid-user

   - To protect a single file in the directory:
    
     .. code-block::

        #Protect single file
        <Files {file}>
        AuthName "Dialog prompt"
        AuthType Basic
        AuthUserFile {path to .htpasswd file}
        Require valid-user
        </Files

     Example, protecting a file named ``testfile.php``:

     .. code-block::

        #Protect single file
        <Files testfile.php>
        AuthName "Dialog prompt"
        AuthType Basic
        AuthUserFile /home/user/example.com/html/protected/.htpasswd
        Require valid-user
        </Files

   - To protect multiple files in the directory:
  
     .. code-block::

        #Protect multiple files
        <FilesMatch "^({file}|{file}).{extension}$">
        AuthName "Dialog prompt"
        AuthType Basic
        AuthUserFile {path to .htpasswd file}
        Require valid-user
        </FilesMatch>

     Example, protecting files named ``testfile.php`` and ``newfile.php``:

     .. code-block::

        #Protect multiple files
        <FilesMatch "^(testfile|newfile).php$">
        AuthName "Dialog prompt"
        AuthType Basic
        AuthUserFile {path to .htpasswd file}
        Require valid-user
        </FilesMatch>

#. Save the file, and exit the text editor

#. Update the permissions on the ``.htaccess`` file. They should be ``644`` and ``{unixuser}:{unixuser}``, replacing 
   {unixuser} with the corresponding information

   .. code-block::

      chmod 644 .htaccess
      chown {unixuser}:{unixuser} .htaccess