How To: Password Protect Files and Directories ============================================== htpasswd, in conjunction with an .htaccess file, can be used to password protect specific files and directories. Detailed information on htpasswd can be found `here `__. .. contents:: Password Protecting Folders from SiteWorx ----------------------------------------- The following options requires that `htaccess is enabled for the domain in SiteWorx `__. - Information on how to create an htacess file for the domain's html directory can be found `here `__ - Information on how to create an htaccess file for a custom directory can be found `here `__ Creating an htpasswd User ^^^^^^^^^^^^^^^^^^^^^^^^^ #. Log into SiteWorx in the browser (https://ip.ad.dr.ess:2443/siteworx) #. In SiteWorx, navigate to **Hosting Features > Htaccess**, either from the side menu or SiteWorx home #. Click the **Pencil** next to the desired htaccess file. This opens the Directory Options Management page #. Next to htpasswd Users click the **+**. This opens the Add htpasswd User form .. image:: /images/sw-htpasswd.png :alt: htpasswd user option #. Update the required fields: - **Username**: The name of the user - **Password**: The user's password - **Confirm Password**: The same password .. image:: /images/sw-htpasswd-form.png :alt: htpasswd user form #. Click **Save** Enabling Password Protection ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. warning:: Please make sure that there is at least one htpasswd user before enabling password protection. If password protection is enabled, and there are no users listed, no one will be able to access the protected resources. #. Log into SiteWorx in the browser (https://ip.ad.dr.ess:2443/siteworx) #. In SiteWorx, navigate to **Hosting Features > Htaccess**, either from the side menu or SiteWorx home #. Click the **Pencil** next to the desired htaccess file. This opens the Directory Options Management page #. Next to Password Protection click the **key**. This opens the Password protection form .. image:: /images/sw-password-protect-not-enabled.png :alt: password protect option disabled #. Select **Enabled** .. image:: /images/sw-password-protect-enable.png :alt: password protect enable form #. Click **Update** Disabling Password Protection ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ #. Log into SiteWorx in the browser (https://ip.ad.dr.ess:2443/siteworx) #. In SiteWorx, navigate to **Hosting Features > Htaccess**, either from the side menu or SiteWorx home #. Click the **Pencil** next to the desired htaccess file. This opens the Directory Options Management page #. Next to Password Protection click the **key**. This opens the Password protection form .. image:: /images/sw-password-protect-disable.png :alt: password protect option enabled #. Select **Disabled** .. image:: /images/sw-password-protect-enabled.png :alt: password protect disable form #. Click **Update** Password Protecting Folders and Directories from the CLI -------------------------------------------------------- Creating the htpasswd File ^^^^^^^^^^^^^^^^^^^^^^^^^^ #. Log in to the server at the CLI as either root (if the Server Administrator), or the SiteWorx account shell user, either via SSH or from the terminal #. Navigate to directory that needs to be password protected, replacing {unixuser}, {domain.com},. and {directory path} with the corresponding information .. code-block:: cd /home/{unixuser}/{domain.com}/{directory path} Example, where the directory that needs to be password protected is called ``protected``, and is located under the domain's ``html`` directory: .. code-block:: cd /home/user/example.com/html/protected #. Create an .htpasswd file by running the following command, replacing {unixuser}, {domain.com}, {directory path}, and {user} with the corresponding information. {user} should be the user that should have access to the directory. .. code-block:: htpasswd -c /home/{unixuser}/{domain.com}/{directory path}/.htpasswd {user} Example: .. code-block:: htpasswd -c /home/user/example.com/html/protected/.htpasswd admin #. Follow the prompts to create the user password. Example .. code-block:: [root@server protected]# htpasswd -c /home/user/example.com/html/protected/.htpasswd admin New password: Re-type new password: Adding password for user admin [root@gserver protected]# #. Run the above command again, ommitting the ``-c`` flag, for any other users that should have access to the directory Example: .. code-block:: [root@server protected]# htpasswd -c /home/user/example.com/html/protected/.htpasswd seconduser New password: Re-type new password: Adding password for user seconduser [root@gserver protected]# #. The .htpasswd file includes the list of users that has access to that directory, along with an encrypted password hash. Example: .. code-block:: [root@server protected]# cat .htpasswd admin:$apr1$AlDZ/BuC$wufy0Ugc0Uj8FWXIse3Bb. seconduser:$apr1$udf2IG9M$h/VK.VXagLBYG..uQf4Nu. [root@server protected]# #. Update the permissions on the ``.htpasswd`` file. They should be ``644`` and ``{unixuser}:{unixuser}``, replacing {unixuser} with the corresponding information .. code-block:: chmod 644 .htpasswd chown {unixuser}:{unixuser} .htpasswd Creating or Modifying the htaccess File ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ #. Log in to the server at the CLI as either root (if the Server Administrator), or the SiteWorx account shell user, either via SSH or from the terminal #. Navigate to directory that needs to be password protected, replacing {unixuser}, {domain.com},. and {directory path} with the corresponding information .. code-block:: cd /home/{unixuser}/{domain.com}/{directory path} Example, where the directory that needs to be password protected is called ``protected``, and is located under the domain's ``html`` directory: .. code-block:: cd /home/user/example.com/html/protected #. Using a text editor create, or open, a file named ``.htacces``. The following example uses the Vim text editor: .. code-block:: vim .htaccess #. Add the following lines, replacing {path to .htpasswd file}, {file}, and {extension} with the corresponding information where applicable: - To protect the entire directory: .. code-block:: #Protect Directory AuthName "Dialog prompt" AuthType Basic AuthUserFile {path to .htpasswd file} Require valid-user Example: .. code-block:: #Protect Directory AuthName "Dialog prompt" AuthType Basic AuthUserFile /home/user/example.com/html/protected/.htpasswd Require valid-user - To protect a single file in the directory: .. code-block:: #Protect single file AuthName "Dialog prompt" AuthType Basic AuthUserFile {path to .htpasswd file} Require valid-user AuthName "Dialog prompt" AuthType Basic AuthUserFile /home/user/example.com/html/protected/.htpasswd Require valid-user AuthName "Dialog prompt" AuthType Basic AuthUserFile {path to .htpasswd file} Require valid-user Example, protecting files named ``testfile.php`` and ``newfile.php``: .. code-block:: #Protect multiple files AuthName "Dialog prompt" AuthType Basic AuthUserFile {path to .htpasswd file} Require valid-user #. Save the file, and exit the text editor #. Update the permissions on the ``.htaccess`` file. They should be ``644`` and ``{unixuser}:{unixuser}``, replacing {unixuser} with the corresponding information .. code-block:: chmod 644 .htaccess chown {unixuser}:{unixuser} .htaccess