Have you ever seen those links which when you click on, it asks for a user name/password with an “Authentication Required” message? You should enter a valid u/p to get access to the content of that directory. This method for authentication or authorization is popular especially in the academic web pages. For example in the course pages it is common that home works are public, every one can download and watch them. But answers are not public, so when you are trying to view them it asks for u/p by a message like this
Authentication Message
In this post I am going to help you to set up a directory like that in your home page. The important thing is that this method works just (I am not 100% sure) on Apache web servers. So first make sure that your web server is Apache. A simple method is to enter an address that does not exist and see the message. Here is an example
Apache Error
And here is the Microsoft’s Internet Information Services (IIS) error message
IIS error
So you can see the name of serer and make sure that you are on the right track. Before I start to explain the method I am going to explain 3 linux commands which you will need in the following. So if you are not a naive linux user skip this part ang go straigtly to main section.
Linux 101
- Connect to the server: To connect to the server you need a ssh client. Previously telnet method was popular but because of its lack of security it is not used widely anymore. Here is an example
ssh access
- make directory: If you want to make a new directory naming NewFolder then you can use this command
mkdir NewFolder
- current path: If you want to know the current path which are working in it you can use the pwd command. You will see something like this in the output
pwd /usr/root/web_docs/
- changing the permissions: For changing the permissions of users to a file or directory you should use chmod command. For example when I say change access of temp.txt file to 644 it means that you should run this command in the terminal:
chmod 644 temp.txt
If you didn’t understand anything then you need more help. I suggest this breif manual by Paul Stothatrd.
Making a password protected directory
Make a new folder which you like to add protection. Let say the folder name is temp and its path is /usr/root/web_docs/temp/ . Give this folder 755 permission using the chmod command. You need to make two new files and put them in this folder in order to add authentication to it. The file names are .htaccess and .htpasswrd in the following sections you can find what is their contents
.htaccess
this file should contain these lines:
AuthUserFile /usr/root/web_docs/temp/.htpasswd AuthGroupFile /dev/null AuthName "Restricted Access" AuthType Basic <limit GET> require user shalam </Limit>
The red parts must/may be changed for your purpose. Red part in the first line is the path of your folder, you MUST replace it with your folder address. The second red part is a message which is shown to the user (see first image pf this post). The last red part in the user name which should be used to access this directory; You may change it to anything you like. After saving this file give it 644 permission.
.htpasswd
This file contains the user name and MD5 coded password which should be used to access your protected directory. The file contains something like this
shalam:$1$xdT/7VZ4$fp0kk3Jvq.53YDYRoeUti0
Username, a colon sign, and then coded password. You can make content of this file using several tools available on the Internet. Just search for “.htpasswd generator” and then you will find thousands of links; this one currently is the first result of google. Don’t forget to set the permission to 644 .
I guess you are done, enjoy it!
