Using HTAccess for Password-Protected Web Directories

It's as simple as ABC:

  1. Create a Password File in your Home Directory
  2. Create an .htaccess File in the Web Directory You Wish to Protect
  3. Test Directory Access

If you want to restrict access to one of your web directories on a Unix server, the simplest way to do it is to create a .htaccess file in that directory.

Note: in what follows, you will create an htaccess-username and an htaccess-password. These are different from and not to be confused with your DuckID username and DuckID password.

A. Create a Password File in your Home Directory

  1. Make sure you are in your home directory and NOT your public_html directory. This is important to get right-- if you put your htpasswd file in your public_html directory, for example, the entire world will have access to it.

  2. Type   htpasswd   -c   htpasswd   htaccess-username

    Example: htpasswd -c htpasswd 111

    Replace htaccess-username with the htaccess-username you need to use for password access. For our class, we will all use the class number (110, 111, 122 or 382) as the htaccess-username.

    In the command, the second occurrence of the word htpasswd is the name of the password file. Use this file name.

    The -c switch creates the file htpasswd if it does not exist. If the file does exist, the -c switch first deletes the existing file and then creates a new one. If you have already used this command to create an htpasswd file in another CIS class, then omit the -c switch.

  3. When prompted, enter and verify an htaccess-password.

    For our class, you will use the 4th through 6th digits of your UO ID#, which begins with the digits 95--------.

    It is important to get this right, because your instructor, GTF, and grader will use these digits to access your project directory.

    Example:
    If the UO ID# is: 950-62-4321
    The 4th - 6th digits are: 624

    Example:
    If the UO ID# is: 951-89-6291
    The 4th - 6th digits are: 896

    After you do this, a filename htpasswd will be created in your Unix home directory; the file stores HTACCESS usernames and HTACCESS passwords.

    If an instructor in another class wants to you use HTAccess for that class, you can add entries to this file later by using the htpasswd command shown above, but this time omitting the -c switch:
         htpasswd htpasswd 199

    This command adds an htaccess-username for a course numbered 199 to the existing htpasswd file.

B. Create an .htaccess File in the Web Directory You Wish to Protect

  1. Change directories to the directory that you want to protect. For example

      cd   public_html/secure_directory

  2. Create a file called .htaccess in the directory that you want to protect.

      pico   .htaccess

    It should include the following lines:

    (Note that the entries you make in this file are case sensitive and cannot include spaces, unless the entries are surrounded by quotation marks.)

    AuthUserFile /home13/joeuser/htpasswd

    AuthGroupFile /dev/null

    AuthName "Joe User" (quotes are used since this is a two-word phrase)

    AuthType Basic

    require user joeuser

    1. First, enter the command echo $HOME at the shell prompt. This will tell you the path to your home directory, which you'll need in what follows. Write down and/or memorize the result.

      Example: /home4/suzieQ/
    2. Using the cd command, move to the directory ~/public_html/110/ (or 111, 122, 382, as appropriate):

      cd ~/public_html/111
    3. Create a file named .htaccess using the pico text editor with the command: pico .htaccess
    4. In your browser window, copy the following lines and paste them into the .htaccess file in pico, with these changes: A) replace /home4/susieQ with the path your your home directory that you determined in step 1, above. B) replace 111 with your course number (110, 382, ..)

      AuthUserFile /home4/susieQ/htpasswd
      AuthGroupFile /dev/null
      AuthName "CIS 111"
      AuthType Basic
      require user 111
    5. Save the file in Pico by pressing ctrl-O, pressing enter to confirm the filename, and then pressing ctrl-X to exit pico.

C. Test the Web Directory for Password Protection

Now you can go to your web browser and see if your .htaccess file works.
  1. Enter the URL for your course folder on the server, shell.uoregon.edu.

    Example: URL for SusieQ's 110 folder:
    http://www.uoregon.edu/~susieQ/110/            

    Example: URL for Jacque Bonhomme's 111 folder:
    http://www.uoregon.edu/~jbonhomme/111/        

    Your browser will prompt you to enter the htaccess-username and htaccess-password.

  2. Enter the username and password that you set up in the first part of this exercise and click OK.

    If you are successful, you will see the web page you were trying to access. If you get an error message, make sure you entered the name and password correctly, and check that the .htaccess file contains the correct username in the require user line.