Note
You are viewing the documentation for an older release of Interworx (7.7). To see documentation for the current generally available release of Interworx, click here: 7.13.
How To Password Protect Files and Directories¶
Note
This task must be completed at the CLI. SiteWorx users who do not have shell access should contact their hosting provider.
htpasswd, in conjunction with an .htaccess file, can be used to password protect specific files and directories.
Detailed information on htpasswd can be found here.
Contents
Creating the htpasswd File¶
Log in to the server at the CLI as either root (if the Server Administrator), or the SiteWorx account shell user, either via SSH or from the terminal
Navigate to directory that needs to be password protected, replacing {unixuser}, {domain.com},. and {directory path} with the corresponding information
cd /home/{unixuser}/{domain.com}/{directory path}
Example, where the directory that needs to be password protected is called
protected
, and is located under the domain’shtml
directory:cd /home/user/example.com/html/protected
Create an .htpasswd file by running the following command, replacing {unixuser}, {domain.com}, {directory path}, and {user} with the corresponding information. {user} should be the user that should have access to the directory.
htpasswd -c /home/{unixuser}/{domain.com}/{directory path}/.htpasswd {user}
Example:
htpasswd -c /home/user/example.com/html/protected/.htpasswd admin
Follow the prompts to create the user password. Example
[root@server protected]# htpasswd -c /home/user/example.com/html/protected/.htpasswd admin New password: Re-type new password: Adding password for user admin [root@gserver protected]#
Run the above command again, ommitting the
-c
flag, for any other users that should have access to the directory Example:[root@server protected]# htpasswd -c /home/user/example.com/html/protected/.htpasswd seconduser New password: Re-type new password: Adding password for user seconduser [root@gserver protected]#
The .htpasswd file includes the list of users that has access to that directory, along with an encrypted password hash. Example:
[root@server protected]# cat .htpasswd admin:$apr1$AlDZ/BuC$wufy0Ugc0Uj8FWXIse3Bb. seconduser:$apr1$udf2IG9M$h/VK.VXagLBYG..uQf4Nu. [root@server protected]#
Update the permissions on the
.htpasswd
file. They should be644
and{unixuser}:{unixuser}
, replacing {unixuser} with the corresponding informationchmod 644 .htpasswd chown {unixuser}:{unixuser} .htpasswd
Creating or Modifying the htaccess File¶
Log in to the server at the CLI as either root (if the Server Administrator), or the SiteWorx account shell user, either via SSH or from the terminal
Navigate to directory that needs to be password protected, replacing {unixuser}, {domain.com},. and {directory path} with the corresponding information
cd /home/{unixuser}/{domain.com}/{directory path}
Example, where the directory that needs to be password protected is called
protected
, and is located under the domain’shtml
directory:cd /home/user/example.com/html/protected
Using a text editor create, or open, a file named
.htacces
. The following example uses the Vim text editor:vim .htaccess
Add the following lines, replacing {path to .htpasswd file}, {file}, and {extension} with the corresponding information where applicable:
To protect the entire directory:
#Protect Directory AuthName "Dialog prompt" AuthType Basic AuthUserFile {path to .htpasswd file} Require valid-user
Example:
#Protect Directory AuthName "Dialog prompt" AuthType Basic AuthUserFile /home/user/example.com/html/protected/.htpasswd Require valid-user
To protect a single file in the directory:
#Protect single file <Files {file}> AuthName "Dialog prompt" AuthType Basic AuthUserFile {path to .htpasswd file} Require valid-user </Files
Example, protecting a file named
testfile.php
:#Protect single file <Files testfile.php> AuthName "Dialog prompt" AuthType Basic AuthUserFile /home/user/example.com/html/protected/.htpasswd Require valid-user </Files
To protect multiple files in the directory:
#Protect multiple files <FilesMatch "^({file}|{file}).{extension}$"> AuthName "Dialog prompt" AuthType Basic AuthUserFile {path to .htpasswd file} Require valid-user </FilesMatch>
Example, protecting files named
testfile.php
andnewfile.php
:#Protect multiple files <FilesMatch "^(testfile|newfile).php$"> AuthName "Dialog prompt" AuthType Basic AuthUserFile {path to .htpasswd file} Require valid-user </FilesMatch>
Save the file, and exit the text editor
Update the permissions on the
.htaccess
file. They should be644
and{unixuser}:{unixuser}
, replacing {unixuser} with the corresponding informationchmod 644 .htaccess chown {unixuser}:{unixuser} .htaccess