Xxaxx's Xperimints #3
.htaccess

This funny-named file ".htaccess" can do many things. One thing it can do is define whether or not SSI includes are turned on. The following code turns on SSI and tells the server that the file extension to operate SSI on is ".shtml":

Options Includes
AddType text/x-server-parsed-html .shtml

Oops, we forgot to define SSI. "SSI" is Server Side Includes. We'll go into what they are and how they work in a different Xxaxxperiment. For the record, the above does work. (At least on a server I am hosted by running Apache.)

Another thing that the ".htaccess" file is good for is password protecting a directory.

Suppose we put the following .htaccess file into a directory:

AuthUserFile /home/n/ne/newbie/public_html/gazette/xxaxx/testvault/.htpasswd
AuthGroupFile /dev/null
AuthName "Xxaxxperiment Text Vault"
AuthType Basic
 
<Limit GET POST>
require valid-user
</Limit>

For example, we could put it into the directory /home/n/ne/newbie/public_html/gazette/xxaxx/testvault/. Then any browser requesting any file from that directory, http://www.newbie.org/gazette/xxaxx/testvault/whatever.html for example, will be required to enter a valid user id and password. This user id and password will be verified before the requested material is sent to the user.

Besides the directory in which the ".htaccess" file is stored, every directory below that directory is protected as well. For example:

http://www.newbie.org/gazette/xxaxx/testvault/
http://www.newbie.org/gazette/xxaxx/testvault/another
http://www.newbie.org/gazette/xxaxx/testvault/another/evenanother/
etc.

All of these directories will be password protected (requiring authentication) from that one .htaccess file. (Please note for the record, this can be modified by putting a separate .htaccess file into any subdirectory that one wishes. This new ".htaccess" file will take over.)

Going back to that funny looking file:

AuthUserFile /home/n/ne/newbie/public_html/gazette/xxaxx/testvault/.htpasswd
AuthGroupFile /dev/null
AuthName "Xxaxxperiment Text Vault"
AuthType Basic
 
<Limit GET POST>
require valid-user
</Limit>

The first line, AuthUserFile, tells the webserver where to find your username/password file.

You will note that this directory name is in its raw format. No funny virtual domain names are allowed. The raw machine directory structure is used. You must use the full machine name for the directory. If you don't know it you can find it using the pwd (present working directory) command. For example:

pwd [enter]
/home/n/ne/newbie/public_html/gazette/xxaxx/testvault

I don't know much about that AuthGroupFile thingie yet. Since we are not using it at the moment why not just ignore it for now? I can tell you that the /dev/null is a kind of "it don't exist" setting.

The AuthName (in this case "Xxaxxperiment Text Vault") is a text string that will show up on the browser authentication screen. It is presented to browsers trying to gain access to the protected directories.

The rest of the file is a magical incantation. Later we can look at other options. For the moment just leave them alone and use them as is.


For authentication to work you will need two things in the protected directory.

1) an .htaccess file (similar to the above only modified for your account)

2) an .htpasswd file.

The .htpasswd file will contain the list of users and their passwords.

".htaccess" is created by you using a text editor.

".htpasswd" is created by the htpasswd program. (Please note: you could use a different name than .htpasswd. If you do, you need to use the same name in the first line of the .htaccess file. Most folks by habit call it .htpasswd. In case you were wondering, the . is just used to make the file invisible in the Linux environment.)

Steps to creating the .htaccess:

telnet into your account. You will need user name and password.

cd to the directory you wish to protect
cd public_html/gazette/xxaxx/testvault -- in my case.

mkdir might be needed to create the directory if it doesn't exist.

pwd -- to find machine address of that directory.

pico .htaccess -- (or other editor) to create file.

enter values as defined above.

control-x to exit pico

htpasswd -c .htpasswd username -- to create the .htpasswd file and enter a password for the first user (in this case called username).

htpasswd .htpasswd username2 -- to add more user/password combinations to the same file.

htpasswd .htpasswd username -- to change password on existing user.

pico .htpasswd -- to delete a user from file

That's it. Pretty simple actually.

To test the authentication try these links:

http://www.newbie.org/gazette/xxaxx/testvault/
http://www.newbie.org/gazette/xxaxx/testvault/another
http://www.newbie.org/gazette/xxaxx/testvault/another/evenanother/

[Screenshot: Authentication Screen]

You should first see the prompt window (or something like it) shown in the screenshot. The user name is entered into the User Name: part. And, you guessed it, the password is entered into the Password: part. This much is obvious from the screen. The part that might not be obvious is that the characters are converted into '*' as one types in the password, thus keeping folks from reading it over your shoulder.


[Screenshot: Authentication Failure Screen]

If you fail to input the correct username/password combination you get the screen pictured in the screenshot. It is not enough to have a valid username and a valid password. You must have the username and password match as a pair. ;-)


On the system I tried there is some kind of monkey business so that even the same password shows up looking different in the file. So it's not possible to create a database of passwords and match.

 

Notes:

Here is what the .htpasswd file looks like for this test system:

guest:mNuexarP.GWuw
guest2:XJfKOGmnS9/0.
Both guest and guest2 have the same password 'test'. You will note however that the stored encrypted password is totally different.
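
The difference between the two entries comes from the salt: in this 13-character crypt(3) format the first two characters are a per-entry salt that is mixed into the hash. The following is an added example, not part of the original page, that reads .htpasswd lines, names the storage scheme from the entry's format and shows the salt; the scheme labels are names chosen for this example.

```python
import re

# The two entries shown on this page; the page says both use the password 'test'.
SAMPLE = "guest:mNuexarP.GWuw\nguest2:XJfKOGmnS9/0.\n"

# Schemes the Apache documentation describes as insecure, with the reason.
WEAK = {
    "des-crypt": "crypt(3): 2-character salt, only the first 8 password characters count",
    "sha1-unsalted": "{SHA}: no salt, equal passwords give equal entries",
}

def classify_entry(line):
    """Return (user, scheme, salt) for one .htpasswd line, judged by format alone."""
    user, _, stored = line.strip().partition(":")
    if stored.startswith("$apr1$"):
        return user, "apr1-md5", stored.split("$")[2]
    if stored.startswith(("$2y$", "$2a$", "$2b$")):
        return user, "bcrypt", stored[7:29]      # 22 characters after "$2y$NN$"
    if stored.startswith("{SHA}"):
        return user, "sha1-unsalted", ""
    if re.fullmatch(r"[./0-9A-Za-z]{13}", stored):
        return user, "des-crypt", stored[:2]     # the salt is stored in the clear
    return user, "unknown", ""

def audit(text):
    """Return (user, scheme, salt, reason_or_None) for every entry in the file."""
    rows = []
    for line in text.splitlines():
        if ":" not in line or line.lstrip().startswith("#"):
            continue
        user, scheme, salt = classify_entry(line)
        rows.append((user, scheme, salt, WEAK.get(scheme)))
    return rows

if __name__ == "__main__":
    for user, scheme, salt, reason in audit(SAMPLE):
        note = f"weak ({reason}); re-create with htpasswd -B" if reason else "not flagged"
        print(f"{user:8} {scheme:14} salt={salt!r:12} {note}")
```

Entries flagged as weak can be re-created with `htpasswd -B`, which stores a bcrypt hash on Apache 2.4 and later.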

 
When I use pico with long directory names for the password file I get the following error when trying to load the file.

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaven@dnai.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

This error is caused by the fact that the version of pico I am using causes the long directory name to word wrap to the next line with a break in the line:
AuthUserFile
/home/n/ne/newbie/public_html/gazette/xxaxx/testvault/.htpasswd
AuthGroupFile /dev/null
AuthName "Xxaxxperiment Text Vault"
AuthType Basic
 
<Limit GET POST>
require valid-user
</Limit>

This is not the correct file structure. To fix this I have to ftp the file into my computer where I can use a local tool I understand better to remove the line break. Then I upload the file back to the server. Then all works well.

If you know how to set pico to allow longer lines without line break let me know.

Turns out that you can start pico with "pico -w" to stop the Word Wrap feature. It's sometimes a good idea to try stuff like "pico --help" to see if there might be any hints given.
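
The wrapped-line failure described in the notes can be caught before the file is uploaded. This added example, not part of the original page, checks an .htaccess body for a directive separated from its argument, and also flags three points the Apache documentation calls out: a multi-word AuthName without quotes, a password file kept inside the served tree, and require wrapped in <Limit>, which leaves other request methods unrestricted. The sample is constructed from the wrapped file above with AuthName left unquoted, and the "/public_html/" marker is an assumption taken from this page's paths.

```python
# Directives used on this page that need an argument on the same line.
NEEDS_ARG = {"authuserfile", "authgroupfile", "authname", "authtype", "require"}

# Constructed sample: the word-wrapped file from the notes, AuthName unquoted.
WRAPPED = """AuthUserFile
/home/n/ne/newbie/public_html/gazette/xxaxx/testvault/.htpasswd
AuthGroupFile /dev/null
AuthName Xxaxxperiment Text Vault
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>
"""

def lint_htaccess(text, web_tree="/public_html/"):
    """Return (line_number, message) findings for the body of an .htaccess file."""
    findings = []
    in_limit = False
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("</limit"):
            in_limit = False
        elif line.lower().startswith("<limit"):
            in_limit = True
        elif line.startswith("/"):
            findings.append((num, "bare path, not a directive (wrapped line?)"))
        else:
            name, arg = (line.split(None, 1) + [""])[:2]
            name, arg = name.lower(), arg.strip()
            if name in NEEDS_ARG and not arg:
                findings.append((num, "directive has no argument (wrapped line?)"))
            elif name == "authname" and " " in arg and not (arg[0] == arg[-1] == '"'):
                findings.append((num, "AuthName with spaces needs double quotes"))
            elif name == "authuserfile" and web_tree in arg:
                findings.append((num, "password file sits inside the served tree"))
            elif name == "require" and in_limit:
                findings.append((num, "require inside <Limit> covers only listed methods"))
    return findings

if __name__ == "__main__":
    for num, message in lint_htaccess(WRAPPED):
        print(f"line {num}: {message}")
```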