Last modified on 12 August 2007

 

Secure a folder with htaccess

Description

We will see how to secure access to a folder on a web server. The web server has to be Apache. You can generate an .htaccess file from the form below. This script can't be downloaded, but you can use it for free from this page.

The principle is the following: you put a file named '.htaccess' in the folder you want to secure. This file contains several instructions, one of which tells where to find the file with the authorized users' logins. This second file, which I call pass.txt, contains one line per user, in the form 'login:encrypted password'. The pass.txt file can be anywhere, but it is wise to put it in a totally secured folder. Nobody should have access to this file from a browser, even you.

Creating the files

This first form is for creating the htaccess file (see the howto below):

Title of the login window:

Folder + file with the logins:

Copy/paste the code below into an htaccess.txt file:

This second form is for encrypting a password and generating the pass.txt file:

Login:

Password to encrypt:

Copy/paste the code below into a pass.txt file:

 

Howto

Complete the forms above to get the htaccess.txt and pass.txt files (you can change the name of the second file). The folder to indicate in the first form is the one containing your passwords. It has to be written as an absolute path from the server's root, followed by the file's name. For example: /var/www/html/my_website/secure/pass.txt.

You can find the absolute path of your folder with the phpinfo() function. You only have to put this instruction in a file and transfer it to your server. Open the file with your browser and you will get a lot of information, including the absolute path of your pages.

Then transfer these files to your server, into the correct folders. htaccess.txt has to be in the folder you want to secure. Then rename htaccess.txt to .htaccess (beginning with a dot).

You have to secure the folder containing the pass.txt file by forbidding access from the web for everybody (even you). For example, you can put an htaccess file there with the following lines:

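# Refuse every request to this folder, whatever the HTTP method.
# A <Limit GET POST> wrapper would leave the other methods unrestricted.
# Apache 2.2 syntax; the Apache 2.4 equivalent is "Require all denied".
AuthName "Forbidden Access"
AuthType Basic
Deny from all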
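
The following Python code is an added example, not the generator script of this page (whose output is not shown here). It builds an .htaccess from the two values the first form asks for, using Apache's standard Basic authentication directives, and audits a pass.txt for its location and hash formats. The function names, the document root /var/www/html and the sample lines are assumptions constructed for illustration.

```python
from pathlib import PurePosixPath

def build_htaccess(title, user_file):
    """Build the .htaccess text from the two values the first form asks for."""
    if not PurePosixPath(user_file).is_absolute():
        raise ValueError("AuthUserFile must be an absolute path on the server")
    for value in (title, user_file):
        if '"' in value or "\n" in value:
            raise ValueError("values must not contain quotes or line breaks")
    return (f'AuthType Basic\nAuthName "{title}"\n'
            f'AuthUserFile "{user_file}"\nRequire valid-user\n')

# Prefixes of weaker hash formats that Apache accepts in a password file
WEAK = {"$apr1$": "salted MD5 (apr1), prefer bcrypt",
        "{SHA}": "unsalted SHA-1, re-hash with bcrypt"}
BCRYPT = ("$2y$", "$2a$")

def audit_pass_file(text, pass_path, docroot):
    """Return findings about a pass.txt file and where it is stored."""
    findings = []
    if PurePosixPath(docroot) in PurePosixPath(pass_path).parents:
        findings.append("file is under the web root: its folder must deny web access")
    for n, line in enumerate(text.splitlines(), 1):
        entry = line.strip()
        if not entry:
            continue
        login, sep, hashed = entry.partition(":")
        if not (sep and login and hashed):
            findings.append(f"line {n}: not in login:hash form")
        elif not hashed.startswith(BCRYPT):
            reason = next((r for p, r in WEAK.items() if hashed.startswith(p)),
                          "crypt() or plain text, re-hash with bcrypt")
            findings.append(f"line {n}: {login} uses {reason}")
    return findings

# Constructed sample data: placeholder strings, not real hashes
SAMPLE = ("alice:$2y$05$" + "A" * 53 + "\n"
          "bob:{SHA}" + "B" * 27 + "=\n"
          "carol:$apr1$" + "C" * 8 + "$" + "D" * 22 + "\n"
          "dave:secret\n"
          "broken line\n")

if __name__ == "__main__":
    path = "/var/www/html/my_website/secure/pass.txt"  # example path from the howto
    print(build_htaccess("Private area", path))
    for finding in audit_pass_file(SAMPLE, path, "/var/www/html"):
        print(finding)
```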

If you have a problem ...

Don't hesitate to ask questions in the forum.