Note

You are viewing the documentation for an older release of Interworx (7.7). To see documentation for the current generally available release of Interworx, click here: 7.13.

How To Password Protect Files and Directories

Note

This task must be completed at the CLI. SiteWorx users who do not have shell access should contact their hosting provider.

htpasswd, in conjunction with an .htaccess file, can be used to password protect specific files and directories.

Detailed information on htpasswd can be found here.

Contents

• How To Password Protect Files and Directories

  • Creating the htpasswd File

  • Creating or Modifying the htaccess File

Creating the htpasswd File

1. Log in to the server at the CLI as either root (if the Server Administrator), or the SiteWorx account shell user, either via SSH or from the terminal

2. Navigate to directory that needs to be password protected, replacing {unixuser}, {domain.com},. and {directory path} with the corresponding information

   cd /home/{unixuser}/{domain.com}/{directory path}
   

   Example, where the directory that needs to be password protected is called protected, and is located under the domain’s html directory:

   cd /home/user/example.com/html/protected
   

3. Create an .htpasswd file by running the following command, replacing {unixuser}, {domain.com}, {directory path}, and {user} with the corresponding information. {user} should be the user that should have access to the directory.

   htpasswd -c /home/{unixuser}/{domain.com}/{directory path}/.htpasswd {user}
   

   Example:

   htpasswd -c /home/user/example.com/html/protected/.htpasswd admin
   

4. Follow the prompts to create the user password. Example

   [root@server protected]# htpasswd -c /home/user/example.com/html/protected/.htpasswd admin
   New password:
   Re-type new password:
   Adding password for user admin
   [root@gserver protected]#
   

5. Run the above command again, ommitting the -c flag, for any other users that should have access to the directory Example:

   [root@server protected]# htpasswd -c /home/user/example.com/html/protected/.htpasswd seconduser
   New password:
   Re-type new password:
   Adding password for user seconduser
   [root@gserver protected]#
   

6. The .htpasswd file includes the list of users that has access to that directory, along with an encrypted password hash. Example:

   [root@server protected]# cat .htpasswd
   admin:$apr1$AlDZ/BuC$wufy0Ugc0Uj8FWXIse3Bb.
   seconduser:$apr1$udf2IG9M$h/VK.VXagLBYG..uQf4Nu.
   [root@server protected]#
   

7. Update the permissions on the .htpasswd file. They should be 644 and {unixuser}:{unixuser}, replacing {unixuser} with the corresponding information

   chmod 644 .htpasswd
   chown {unixuser}:{unixuser} .htpasswd
   

Creating or Modifying the htaccess File

1. Log in to the server at the CLI as either root (if the Server Administrator), or the SiteWorx account shell user, either via SSH or from the terminal

2. Navigate to directory that needs to be password protected, replacing {unixuser}, {domain.com},. and {directory path} with the corresponding information

   cd /home/{unixuser}/{domain.com}/{directory path}
   

   Example, where the directory that needs to be password protected is called protected, and is located under the domain’s html directory:

   cd /home/user/example.com/html/protected
   

3. Using a text editor create, or open, a file named .htacces. The following example uses the Vim text editor:

   vim .htaccess
   

4. Add the following lines, replacing {path to .htpasswd file}, {file}, and {extension} with the corresponding information where applicable:

   • To protect the entire directory:

     #Protect Directory
     AuthName "Dialog prompt"
     AuthType Basic
     AuthUserFile {path to .htpasswd file}
     Require valid-user
     

     Example:

     #Protect Directory
     AuthName "Dialog prompt"
     AuthType Basic
     AuthUserFile /home/user/example.com/html/protected/.htpasswd
     Require valid-user
     

   • To protect a single file in the directory:

     #Protect single file
     <Files {file}>
     AuthName "Dialog prompt"
     AuthType Basic
     AuthUserFile {path to .htpasswd file}
     Require valid-user
     </Files
     

     Example, protecting a file named testfile.php:

     #Protect single file
     <Files testfile.php>
     AuthName "Dialog prompt"
     AuthType Basic
     AuthUserFile /home/user/example.com/html/protected/.htpasswd
     Require valid-user
     </Files
     

   • To protect multiple files in the directory:

     #Protect multiple files
     <FilesMatch "^({file}|{file}).{extension}$">
     AuthName "Dialog prompt"
     AuthType Basic
     AuthUserFile {path to .htpasswd file}
     Require valid-user
     </FilesMatch>
     

     Example, protecting files named testfile.php and newfile.php:

     #Protect multiple files
     <FilesMatch "^(testfile|newfile).php$">
     AuthName "Dialog prompt"
     AuthType Basic
     AuthUserFile {path to .htpasswd file}
     Require valid-user
     </FilesMatch>
     

5. Save the file, and exit the text editor

6. Update the permissions on the .htaccess file. They should be 644 and {unixuser}:{unixuser}, replacing {unixuser} with the corresponding information

   chmod 644 .htaccess
   chown {unixuser}:{unixuser} .htaccess