Setting Up Password-Protected Directories

If you want to restrict access to one of your web directories, the simplest way to do it is to create a .htaccess file.

Note: Although htaccess provides reasonable protection to your web pages, it does have some limitations:

Other savvy users who have an account on the same machine as you can potentially navigate through the file system and access your files.
Passwords submitted through a web browser are usually not sent in encrypted form, and thus they could possibly be intercepted.

But even with these two limitations, an htaccess file can still protect you against a wide variety of intrusions on your web files.

Setting Up a Password File

Make sure you are in your home directory and NOT your public_html directory. (This is a critical step, because if you put your passwd file in your public_html directory, than other users will have access to it.)
Type htpasswd -c htpasswd htaccess-username

htpasswd -c htpasswd 111
Replace htaccess-username with the htaccess-username you want to use for password access. For our class, we will all use 111 as the htaccess-username.
In the command, the second occurrence of the word htpasswd is the name of the password file. We recommend using this name.
Note: the -c switch creates the file htpasswd if it does not exist; if it does exist it first deletes the existing file and then creates a new one. If you wish to add a password to an existing file, then omit the -c switch.
When prompted, enter and verify an htaccess-password.

For our class, we will all use the 4th through 6th digits of our student ID #.

It is crucial to get this right, because your instructor, GTF, and grader will use these digits to access your project directory.

Example:
If the student ID is: 950-62-4321
The 4th - 6th digits are: 624
After you do this, an htpasswd file will be created in your home directory; the file stores usernames and passwords for people accessing whatever protected areas you have. You can add entries to this file later by using the following command:
htpasswd htpasswd username

Change directories to the directory that you want to protect. For example

cd public_html/secure_directory

Create a file called .htaccess in the directory that you want to protect.

pico .htaccess

It should include the following lines:

(Note that the entries you make in this file are case sensitive and cannot include spaces, unless the entries are surrounded by quotation marks.)

AuthUserFile /home13/joeuser/htpasswd

AuthGroupFile /dev/null

AuthName "Joe User" (quotes are used since this is a two-word phrase)

AuthType Basic

require user joeuser

Before you open .htaccess with pico, run the command echo $HOME. This will tell you the location of your home directory, which you'll need. Write down the result.
Make sure you're in the public_html/111/ directory by executing the commands:
cd cd public_html/111
Open the .htaccess file in the pico text editor with the command: pico .htaccess

Edit your .htaccess file to look like this:

AuthUserFile /your_home_directory/htpasswd
AuthGroupFile /dev/null
AuthName "CIS 111"
AuthType Basic

require user 111

Save the file by pressing CTL-O, pressing enter to confirm the filename, and then pressing CTL-X to exit pico.

Now you can go to your web browser and see if your .htaccess file works.

Enter a url in your directory. For example, you could enter http://www.uoregon.edu/~username/111/
Your browser will prompt you to enter the username and password.
Enter the username and password that you set up in the first part of this exercise (username: 111, password: digits 4-6 of your student id #.) and click OK.
If you are successful, you will see the web page you were trying to access. If you get an error message, make sure you entered the name and password correctly, and check that the .htaccess file contains the correct username in the require user line.