Password Protecting your web site

Limiting web access using passwords.

Although you cannot password protect a single document, you can require a userid and password to access a directory. Thus any and all documents stored in that directory cannot be view without entering the proper userid and password. For example, you create a directory called "private" that you want to restrict access so that only a select few friends or customers could see the file(s) in it.

This involves the creation of 3 different text files. Below are some examples of what they may look like.

NOTE: The term domain as used in this document is referring to the beginning part of your domain name. Example: Let's assume your web site is "www.kxs.com", your domain name is "kxs.com" - when we refer to domain, we are looking at the "kxs" portion.

Throughout this document we will make use of Quotes "" to emphasize important items. Do NOT use Quotes as part of document or directory names. The period before the file name, however, is important.

You must use full pathnames for all the files. Example: /files9/kxs/web_access/.htpasswd.kxs

The .htaccess file

	Using our example of "kxs"
[filename: .htaccess]	[filename: .htaccess]

AuthUserFile /not-www/.htpasswd.domain	AuthUserFile /web_access/.htpasswd.kxs
AuthGroupFile /not-www/.htgroup.domain	AuthGroupFile /web_access/.htgroup.kxs
AuthName ByPassword	AuthName ByPassword
AuthType Basic	AuthType Basic

<Limit GET>	<Limit GET>
require group users	require group users
</Limit>	</Limit>

The .htgroup file

	Using our example of "kxs"
[filename: .htgroup.domain]	[filename: .htgroup.kxs]

users: johnsmith suzieq bob	users: johnsmith suzieq bob

The .htpasswd file

	Using our example of "kxs"
[filename: .htpasswd.domain]	[filename: .htpasswd.kxs]

johnsmith:hgcrBSZ7XJ6hq	johnsmith:hgcrBSZ7XJ6hq
suzieq:NBc.2KG03ocf.	suzieq:NBc.2KG03ocf.
bob:zEX78QaIqNuee	bob:zEX78QaIqNuee

The file .htaccess goes into the directory that you want to password protect. So, if I wanted to protect:

	Using our example of "kxs"

http://www.yourdomian.com/private/	http://www.kxs.com/private/

then you would put the .htaccess file in /www/private/.htaccess

Make sure that the .htgroup.domain and .htpasswd.domain files are not accessible to the rest of the internet by placing them in a directory outside of your web space ( /not-www ).

When you login to your account, you will see several directories. One of them is called "www". Anything placed into "www" will be immediately available on the web. So before going into "www", make a new directory and call it "web_access". Now when you login, you should see "www" and "web_access" at the same level. Anything you put into "web_access" will NOT be available to the internet. This is where you should put the .htgroup and .htpasswd files.

The directory structure may look something like this:

	Using our example of "kxs"

/not-www/.htgroup.domian	/web_access/.htgroup.kxs
/not-www/.htpasswd.domain	/web_access/.htpasswd.kxs

Put a list of all the usernames that you want to be able to access the site in the .htgroup.domain file. This is a whitespace-separated list of usernames who are in the group 'users' (this is what we put in the .htaccess file where we required a person to be in the group 'users' in order to access the site).

Then, the last thing we need to do is put the users and their encrypted passwords in the .htpasswd.domain file. We have created a web page that allows you to encrypt your passwords. Once encrypted, all you need to do is to cut and paste the information into your .htpassword file and upload it to your site. Be sure to upload the file as "text".

This information is provided for use by KxSŽ customers. Although this page is available for viewing by the general public, we can only provide support for KxSŽ customers.