How Can I password protect a sub-directory of a hosted website from client PC
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How Can I password protect a sub-directory of a hosted website from client PC
I have a website hosted with an ISP and I wanted to password protect one of its
sub-directories e.g. http://www.xxxxx.com/somefolder will present an enter username and password dialogue box in order to login.
I have read about .htaccess and .htpasswd howto but it seems that I have to be running
apache in order to do that.
I have created .htaccess file under /home/user/web/somefolder/.htaccess
And I tried to create .htpasswd /home/user/web/somefolder/.htpasswd
and results in bash: command not found.
I tried cd /.../.../somefolder and typed as root
htpasswd -c .htpassed username and got the same result bash: command not found.
I am running redhat 8.0 on a client PC.
I have not installed apache server.
Can anyone tell me how to go about password protect website sub-dirctories from
a client PC.
Distribution: limping along with MD10, Knoppix3.6 : )
Posts: 62
Rep:
Maybe if it says bash: command not found,
maybe you have to edit the bash profile, and tell it to look wherever this command is kept.
By default bash_profile assumes commands you use are in your home directory.
since I have not installed apache, so, I guess I didn't have the http.conf file with my instllation!
From the previous threads I searched and read, they all pointed to creating and editing two files .htaccess and .htpasswd. I have created the file .htaccess, but somehow could not create file .htpasswd as mentioned in this thread. I think may be it is because I have not installed the distribution to run as a server and could this be explained for the result bash: command
not found. Just a thought.
user_pass.php (put in a directory outside of htdocs/html/public directory so its not web accessible)
<$php
$me = [username];
$mypassword = [password];
?>
This is almost exactly what I had wanted to do - password protect sub-directories and/or a particular webpage, so the viewer has to login inorder to see its content.
I will try to use the posted script, but I have to dig into some php reading first. although know php is a scripting language but didn't know much on php.
i agree that the script is fine but what if i bypass the login page and go directly to the directory if i know the location??
for this u need the configuartion as of discussed earlier because the webserver will not stop me browsing that directory unless specified....
I think if we can password protect every webpage within a certain directory ,then, that particular directory is also password protected via the protected webpages. This may be true if the directory consists of only webpages and no other files.
what i am saying is that u need to restrict a user to a certain directory
that will be more safe
or u need to put the code in all ur pages
and what if u want to remove this restriction then remocve the code from all thepages???
while a single entry if possible at the webserver wil serve ur purpose
Yes. Using Apache's ability to use .htpasswd and .htaccess would be ideal and easy. How about proposing other solutions? Surely there is another way to protect directories. Mark001, can you tell us more about your server? I only have experience with Apache, but surely what ever you're using has the ability to prompt for a user / pass in order to access a directory. Maybe there's someway to chown the directory to a user and use that to your advantage. Otherwise if using the login script, I wouldn't manually place it in every webpage. I would save it in a sepearte file and use php to "include" it. That way if you ever want to change it, you only have to change it in one place.
I agree absolutely to your point that having the configuration done at the server config files seems to be the best option because less work is involved.
I called my ISP yesterday to enquire about this issue and they agreed to help out at no extra cost.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.