How can I restrict access to my website?

This document demonstrates the use .htaccess to restrict access to web documents by user and password.

The Restricted Access Document

The document "Restricted Information" is only available to user test with password purple and user sheree with password apple. The first time you click on "Restricted Information", your web browser should prompt you for a user name and password. If it does not you may be using a web browser which is not HTTP authentication capable.

Ingredients

  • The web document to be protected.

    Actually, access is restricted by directory so all files in the same directory will be protected.

  • The file .htaccess.

    This file should be in the directory which contains the documents to restrict access to. The contents of this file specify the name of the password file.

    For example if you had the user jdoe with web documents in the local directory "/web/yourdomain.com/www/private_html" that you wanted to restrict access to, your .htaccess might look like:

    AuthUserFile /web/yourdomain.com/www/private_html/.htpasswd
    AuthName jdoe-private_html
    AuthType Basic
    <Limit GET>
    require valid-user
    </Limit>

    Note that .htaccess will not work if there are extra spaces after AuthUserFile.

  • The file .htpasswd.

    This file contains the passwords of the users.

    To create the .htpasswd file log in to this server using telnet, change directory to the directory you want to restrict access to, and type:

    htpasswd -c .htpasswd someuser

    for the first user (where someuser is the username). You will then be prompted twice for the user's password. The -c option causes the .htpasswd file to be created. For each additional user type:

    htpasswd .htpasswd someuser

NOTE: There is no correspondence between the usernames and passwords used for accounts on this server and usernames and passwords in any specific .htpasswd file. A user doesn't need to have an account on this system in order to be validated for access to files protected by HTTP-based authentication.

Further Study

This example limits access by user and password, however you can also restrict access by domain. To find out more read the Mosaic User Authentication Tutorial.


GIVE US A CALL
(888) 826-4687 Toll Free in the US
(888) 222-6263 Toll Free in Canada
(405) 236-8200 International Calls


SERVICES | SUPPORT | SIGN-UP | WHOIS | RESELLING | CO-LOCATION | INTERNATIONAL
Comments and Suggestions?

© 1997 Animus Communications, Inc.
All rights reserved. Updated June 6 1997