PDA

View Full Version : How to Password Protect a Directory?



SamyT
12-10-2003, 04:47 PM
The manual shows a method that doesn't seem to look anything like my account - so I can't work out how to do this?!?!?!

wildjokerdesign
12-10-2003, 05:12 PM
So where you trying to use the WebPassword Site Application in your Site Manager? http://manual.westhost.com/part7.html#webpassword
Are you on 1.0 or 2.0?

SamyT
12-10-2003, 06:50 PM
Ok looks like there's some old info in the manual...... but even after looking at what you said - it says this...

The directory not exist. Please enter valid
URL. Command add on ValueApp failed.

I'm sorry, but the directory does exist.... so I am stuck again for what to do!

wildjokerdesign
12-10-2003, 08:21 PM
Interesting I just tried it out on my test site and it worked although it was a bit slow to process. Are you entering a full url like this?

http://yourdomain.com/thedirectory

What this program is doing is creating an .htaccess file in that directory that looks like this:

AuthName "WebPasswords Restricted Area"
AuthType Basic
AuthUserFile /usr/local/webpasswords/var/www/html/(this part depends on the name you entered)/passwd
require valid-user

The AuthUserFile is that path to another file called passwd that looks like this
theusernameyouentered:codedpassword

So you can do this manually by creating the two files yourself if you want. The AuthUserFile path would not have to be the same but you would have to make sure it was there and that the file was in it. Now in that file the only thing I can not remember is how to create the coded password. There was refrence to it in the forum at one time and I will see if I can hunt it down.

If you can get WebPassword to work it will be a lot easier.

wildjokerdesign
12-10-2003, 08:36 PM
Ok here is another thread about it http://forums.westhost.com/phpBB2/viewtopic.php?t=572 it mentions htEdit which can be found here http://cgi-central.net/scripts/htedit/?from=fm It looks like it is about the same thing as WebPassword although it seems to have a few more features like more then one user and password. It is free for personal use. BTW CGI Central will install scripts for a fee. This one they will install for $25.00.

Hugh
12-12-2003, 08:00 AM
Re: this post and others:
Seems like a lot of posts and discussion on a topic that was not a problem in the old site manager. Hopefully they are in the process of rectifying this in an updated site mgr. version.

Hugh

torrin
12-12-2003, 09:16 AM
AuthName "WebPasswords Restricted Area"
AuthType Basic
AuthUserFile /usr/local/webpasswords/var/www/html/(this part depends on the name you entered)/passwd
require valid-user

The AuthUserFile is that path to another file called passwd that looks like this
theusernameyouentered:codedpassword

That should probably be .htpasswd so it's not viewable by the public at large. There are rules in the default apache config file that prevent site users from being able to download .ht* files. Is Westhost 2.0 actually naming it passwd or is that a typo?

wildjokerdesign
12-12-2003, 03:51 PM
Nope West Host actually names it passwd. Although it looks like it is in the public html directory it is not. The program seems to reproduce the /var/www/html structure in /usr/local/webpasswords/.

I thought it was a bit strange. Like you I agree it should be .htpasswd and I don't really think there is any reason to follow the same directory structer when you do it manually.

jalal
12-13-2003, 02:37 AM
Because it is outside the web site directories it should be pretty safe. I guess WebPassword does it this way so that it immediately obvious which password file is related to which directory. Otherwise the webpassword scripts would have a hard time figuring out which .htpasswd matched which .htaccess file.
HTEdit stores the .htpasswd in the same directory as the .htaccess file, which is their way of solving the same problem.
If you do it all by hand then you can call the files what you want and put them where you want.