================================================================================
#show who owns it
dig DOMAIN
================================================================================
#show DNS resolution for it
host DOMAIN
================================================================================
#get a sites files
wget DOMAIN
================================================================================
#puse files to site
curl OPTIONS DOMAIN FILES
================================================================================
#setup password for page
If you don't know the username and password to enter, then you can't access
the page or site - it's "password protected". It's sometimes handy to be able
to password protect your pages like this - for example:
*
You're building a new site, but you only want yourself (and maybe a
select few) to be able to view the work-in-progress.
*
You have an area of your site that you never want the general public to
have access to - for example, your web stats or private pages.
*
You have some paid (subscription) content on your site that only
subscribers should be able to access.
Apache lets you password protect individual files, folders, or your entire
site fairly easily. Read on to find out how it's done.
How it works
To add password protection to your pages, you need to do the following two
things:
1.
Create a text file on your server that will store your username and
password.
2.
Create a special file called .htaccess in the folder you want to
protect.
That's it! Now let's take a look at how to do each step.
Creating the password file
The first step is to create a simple text file that will store your username
and password, separated by a colon (:). The small catch is that the password
must be encrypted. Luckily, there are many free web-based utilities that will
encrypt the password for you. Try one of these:
* 4WebHelp's online .htpasswd encryption tool
* Alterlinks .htaccess password generator
* htmlite's htpasswd encryption page
Simply enter your desired username and password in one of these pages and
submit the form. You'll get back a string similar to the following:
fred:p29cmnwl4a0et
Now, open up your favourite text editor (e.g. Notepad or TextEdit), then copy
and paste the username/password string into the editor. Save the file and
call it .htpasswd.
Next, upload this file to your website. Make sure you place it outside the
Web root of your site if possible, as you don't want just anyone to be able
to view the file! For example, place it above your public_html or htdocs
folder. (Having said this, Apache is often set up by default to block
web-based access to files beginning with .ht. Better safe than sorry though!)
If you can't place your .htpasswd file outside your Web root, name it
something that's not easily guessable - for example, .raxuymwp - so that
people won't be able to find it easily.
Alternative: Creating the password file using htpasswd
If you have SSH access to your web server (or you're running Apache on a
local machine), you can encrypt your password and add it to your password
file in one go by using the htpasswd utility that comes with Apache. Simply
SSH to your server or open up a terminal window on your local machine, cd to
the folder where you want to create your password file, and type:
htpasswd -c .htpasswd fred
(where fred is the username you want to use). You'll be prompted to enter and
retype your password, then the .htpasswd file will be created for you.
Creating the .htaccess file
Now that you have created and uploaded your password file, you need to tell
Apache to use it to protect your page(s) or site. This is what your .htaccess
file will do.
Open your text editor again, create a new file, and save it as .htaccess.
Protecting a folder
To password protect a folder on your site, you need to put the following code
in your .htaccess file:
AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "My Secret Folder"
Require valid-user
/full/path/to/.htpasswd should be the full path to the .htpasswd file that
you uploaded earlier. The full path is the path to the file from the Web
server's volume root - for example, /home/username/.htpasswd or
C:\wwwroot\username\.htpasswd. (If you're not sure of the full path to your
site or home directory, ask your Web hosting company for this info.)
The above .htaccess file will password protect all files in the folder that
it is placed in, and all sub-folders under that folder too. So if you wanted
to password protect your entire site, you would place the .htaccess file in
your Web root folder.
Protecting a file
To password protect just a single file in a folder, use the following
.htaccess file:
AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "My Secret Page"
Require valid-user
This will password protect just the mypage.html file in the folder where you
put the .htaccess file.
Uploading the .htaccess file
Once you've created your .htaccess file, upload it to your website, placing
it in the folder (or folder containing the file) that you want to protect.
Testing it out
Now use your Web browser to visit the folder or file that you've protected.
You should see a password dialog like the one shown at the start of this
tutorial. Type in the username and (unencrypted) password that you chose
earlier, and you should be given access to your folder or file!
(By the way: with this type of password protection, you continue to have
access to the password protected stuff until you restart your browser.)
Problems?
If you can't access your stuff and the dialog keeps popping up, check that
you entered the username and password correctly. If it still doesn't work,
check the path to your .htpasswd file on the server - make sure the path
specified in the AuthUserFile directive is correct. Also make sure that both
the .htpasswd and .htaccess files are readable by the Web server user (chmod
644 should do the trick for UNIX/Linux/FreeBSD servers).
If the password protection isn't working (i.e. you can still access your
stuff without needing to enter a username/password), check that you uploaded
your .htaccess file to the right folder. Also check that your web server
supports .htaccess password protection (it needs to be an Apache server, and
your server admin needs to have enabled the AuthConfig override for your
site).
Password protecting more stuff
* If you want to password protect other folders (that aren't under the
* currently protected folder), simply copy your .htaccess file to the new
* folder to be protected.
* To password protect more than one file in the same folder, just create
* more blocks within the same .htaccess file - for
* example:
AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "My Secret Page"
Require valid-user
Require valid-user
Adding more usernames and passwords
You're not restricted to just one username/password. If you want to add other
usernames and passwords, simply repeat the "Creating the password file"
procedure above, but add each new username/password line to your existing
.htpasswd file, e.g.:
fred:p29cmnwl4a0et
linda:vwp45xakfh89
Alternatively, if you're using htpasswd to create your passwords, as
described earlier, then you can add extra users with the command:
htpasswd .htpasswd linda
(where linda is the username you want to add). Make sure you don't include
the -c option when adding additional users, or htpasswd will attempt to
create a new password file!
Further info
For full information on Apache's mod_auth module (the module that does
password protection, amongst other things), see the Apache mod_auth
documentation.
================================================================================
Have the page list its info (filename, last modified) with each load.
| Document:
|
|
| URL:
|
|
| Last updated:
|
|
================================================================================