Using .htaccess to lock down your site and pages
Page 1 of 1
Using .htaccess to lock down your site and pages
- Code:
AuthType Basic
AuthName "This Area is Password Protected"
AuthUserFile /full/path/to/.htpasswd
Require valid-user
- Code:
chriscoyier:$apr1$O/BJv...$vIHV9Q7ySPkw6Mv6Kd/ZE/
I usually put .htpasswd files in domain- or home-folders.
eg:
/home/myusername/domains/domain.com/
or
~/var/home/
http://css-tricks.com/snippets/htaccess/password-protect-folders/
Stupid htaccess Trick: Enable File or Directory Access to Your Password-Protected Site
In this brief tutorial, we are going to enable users to access any file or directory of a site that is password-protected via htaccess. There are many reasons for wanting to employ this technique, including:
- Share public resources from an otherwise private site
- Enable visitors to access content during site maintenance
- Testing and formatting of layout and design during development
As a webmaster, I have used this technique on several occasions. This trick works great for allowing access to any number of files, directories, and/or combination of both. We will begin with a generalized example, proceed with an explanatory discussion, and wrap things up with a couple of useful modifications.
A Generalized Example
Here is the basic htaccess code enabling users to access a specific directory and file on your domain:
- Code:
# password protection allowing directory and file access
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/path/.htpasswd
AuthGroupFile /dev/null
Require valid-user
SetEnvIf Request_URI "(path/to/directory/)$" allow
SetEnvIf Request_URI "(path/to/file\.php)$" allow
Order allow,deny
Allow from env=allow
Satisfy any
- The phrase “
- Code:
Restricted Area
- Edit the
- Code:
AuthUserFile
- Code:
/home/path/.htpasswd
- Edit the first
- Code:
Request_URI
- Code:
Request_URI
Afterwards, ensure that everything is functioning properly by attempting to access both your password-protected content and newly accessible directory and/or file. To reassure yourself, try using a few free proxies (Google: “free proxy”) to access your various resources.
Discussion
So, how exactly does this fine slice of htaccess code operate? Let’s break it on down..
- Code:
AuthType Basic
- Code:
AuthName "Restricted Area"
- Code:
AuthUserFile /home/path/.htpasswd
- Code:
public_html
- Code:
AuthGroupFile /dev/null
- Code:
Require valid-user
- Code:
SetEnvIf Request_URI "(path/to/directory/)$" allow
- Code:
allow
- Code:
path/to/directory/
- Code:
allow
- Code:
SetEnvIf Request_URI "(path/to/file\.php)$" allow
- Code:
allow
- Code:
path/to/file\.php
- Code:
allow
- Code:
Order allow,deny
- Code:
Allow from env=allow
- Code:
allow
- Code:
Satisfy any
Some tweaks and modifications..
Let’s take a look at a couple of potentially useful modifications..
Allow access to multiple site resources
To allow public user access to more resources, set additional
- Code:
allow
- Code:
# password protection allowing multiple resources
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/path/.htpasswd
AuthGroupFile /dev/null
Require valid-user
# allow public access to the following resources
SetEnvIf Request_URI "(path/to/directory_01/)$" allow
SetEnvIf Request_URI "(path/to/directory_02/)$" allow
SetEnvIf Request_URI "(path/to/file\.php)$" allow
SetEnvIf Request_URI "(path/to/file\.html)$" allow
SetEnvIf Request_URI "(path/to/another/resource/)$" allow
SetEnvIf Request_URI "(path/to/yet/another/resource/)$" allow
Order allow,deny
Allow from env=allow
Satisfy any
Allow webmaster and other sites open access to entire site
Here’s the scene: you have the entire site password-protected via htaccess. You also have allowed open, public access to various site resources, directories, etc. Now, what if you also want to provide unrestricted access to the entire domain for certain, key individuals and sites? Easy, just use this lil’ chunk of htaccess goodness:
- Code:
# password protection allowing multiple resources
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/path/.htpasswd
AuthGroupFile /dev/null
Require valid-user
# allow public access to the following resources
SetEnvIf Request_URI "(path/to/directory_01/)$" allow
SetEnvIf Request_URI "(path/to/directory_02/)$" allow
SetEnvIf Request_URI "(path/to/file\.php)$" allow
SetEnvIf Request_URI "(path/to/file\.html)$" allow
SetEnvIf Request_URI "(path/to/another/resource/)$" allow
SetEnvIf Request_URI "(path/to/yet/another/resource/)$" allow
Order allow,deny
Allow from env=allow
# allow open access to entire site for select ips and sites
Allow from 777.777.77.7
Allow from 888.888.88.8
Allow from 999.999.99.9
Allow from domains.tld
Allow from website.tld
Allow from example.tld
Satisfy any
http://perishablepress.com/enable-file-or-directory-access-to-your-htaccess-password-protected-site/
Similar topics
» Full and Partial Content Blocking VIA htaccess file
» A great free site to check your web site for broken web links
» if you get stuck and this site does not help try looking at this famous site
» Lock Mac Down To Prevent Unauthorized Access
» seting permissions to your www folder and lock it to your username
» A great free site to check your web site for broken web links
» if you get stuck and this site does not help try looking at this famous site
» Lock Mac Down To Prevent Unauthorized Access
» seting permissions to your www folder and lock it to your username
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
|
|