Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
11-07-2004, 09:51 PM
|
#1
|
LQ Newbie
Registered: Sep 2004
Posts: 27
Rep:
|
How Can I password protect a sub-directory of a hosted website from client PC
I have a website hosted with an ISP and I wanted to password protect one of its
sub-directories e.g. http://www.xxxxx.com/somefolder will present an enter username and password dialogue box in order to login.
I have read about .htaccess and .htpasswd howto but it seems that I have to be running
apache in order to do that.
I have created .htaccess file under /home/user/web/somefolder/.htaccess
And I tried to create .htpasswd /home/user/web/somefolder/.htpasswd
and results in bash: command not found.
I tried cd /.../.../somefolder and typed as root
htpasswd -c .htpassed username and got the same result bash: command not found.
I am running redhat 8.0 on a client PC.
I have not installed apache server.
Can anyone tell me how to go about password protect website sub-dirctories from
a client PC.
Thanks in advance.
mark001
|
|
|
11-07-2004, 10:26 PM
|
#2
|
LQ Guru
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522
Rep:
|
hi there
u need to edit ur httpd.conf (apche web server conig file)
have a look at
http://httpd.apache.org/docs-2.0/howto/auth.html
regards
|
|
|
11-07-2004, 11:19 PM
|
#3
|
Member
Registered: Jun 2004
Location: West Michigan
Distribution: limping along with MD10, Knoppix3.6 : )
Posts: 62
Rep:
|
Maybe if it says bash: command not found,
maybe you have to edit the bash profile, and tell it to look wherever this command is kept.
By default bash_profile assumes commands you use are in your home directory.
|
|
|
11-08-2004, 07:55 AM
|
#4
|
LQ Newbie
Registered: Sep 2004
Posts: 27
Original Poster
Rep:
|
HI, masand
Thank you for your reply!
since I have not installed apache, so, I guess I didn't have the http.conf file with my instllation!
From the previous threads I searched and read, they all pointed to creating and editing two files .htaccess and .htpasswd. I have created the file .htaccess, but somehow could not create file .htpasswd as mentioned in this thread. I think may be it is because I have not installed the distribution to run as a server and could this be explained for the result bash: command
not found. Just a thought.
thanks
mark001
|
|
|
11-08-2004, 08:11 AM
|
#5
|
LQ Newbie
Registered: Sep 2004
Posts: 27
Original Poster
Rep:
|
Hi, gaviidae
Thanks for replying.
I tried the bash command man htpasswd but got the result No Manual Entry for htpasswd.
I am not very familiar with the bash commands, will try and see if I could find out more.
regards.
mark001
|
|
|
11-08-2004, 08:19 AM
|
#6
|
LQ Guru
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522
Rep:
|
hi there
[root@gaurav root]# rpm -qf /usr/bin/htpasswd
httpd-2.0.49-4
[root@gaurav root]#
so u see u need httpd (apache) package for ur htpasswd
regards
|
|
|
11-08-2004, 08:38 AM
|
#7
|
LQ Newbie
Registered: Sep 2004
Posts: 27
Original Poster
Rep:
|
Hi, masand
So, in this case, I have to contact my ISP and ask them to configure their server to password protect my website sub-directories, am I right?
regards.
mark001
|
|
|
11-08-2004, 08:46 AM
|
#8
|
LQ Guru
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522
Rep:
|
hi
yes this is to be configured at the place where it is hosted
regards
|
|
|
11-08-2004, 11:36 AM
|
#9
|
Member
Registered: Jul 2004
Posts: 42
Rep:
|
HTTP_POST
I use .htpasswd and .htaccess, but since you don't have Apache, you could try password protecting each page in that folder with a login page.
I'm not EXACTLY sure how to do this but something like this might work. I'm sure some else out there might know better.
loginpage.php:
<form name="login" action="yourpage.php" method="POST">
User: <input type="text" name="user" size="70"><br />
Pass: <input type="text" name="pass" size="70"> <br />
<input type="submit" name="Submit" value="Login">
</form>
user_pass.php (put in a directory outside of htdocs/html/public directory so its not web accessible)
<$php
$me = [username];
$mypassword = [password];
?>
yourpage.php:
<?php
require_once('/non_web_accessible_directory/user_pass.php');
$user = $HTTP_POST_VARS['user'];
$pass = $HTTP_POST_VARS['pass'];
if ($user == $me && $pass == $mypassword){
echo 'This is my protected page content.';
}else{
echo '<a href=\"loginpage.php\">Please Login First</a>';
}
?>
|
|
|
11-08-2004, 08:04 PM
|
#10
|
LQ Newbie
Registered: Sep 2004
Posts: 27
Original Poster
Rep:
|
Sutley,
thanks for the posted script.
This is almost exactly what I had wanted to do - password protect sub-directories and/or a particular webpage, so the viewer has to login inorder to see its content.
I will try to use the posted script, but I have to dig into some php reading first. although know php is a scripting language but didn't know much on php.
regards.
mark001
|
|
|
11-09-2004, 12:27 AM
|
#11
|
LQ Guru
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522
Rep:
|
hi there
i agree that the script is fine but what if i bypass the login page and go directly to the directory if i know the location??
for this u need the configuartion as of discussed earlier because the webserver will not stop me browsing that directory unless specified....
regards
|
|
|
11-09-2004, 10:21 AM
|
#12
|
LQ Newbie
Registered: Sep 2004
Posts: 27
Original Poster
Rep:
|
Hi, masand
I think if we can password protect every webpage within a certain directory ,then, that particular directory is also password protected via the protected webpages. This may be true if the directory consists of only webpages and no other files.
I hope I am making some sense. . . . out of this.
regards.
mark001
|
|
|
11-09-2004, 10:34 AM
|
#13
|
LQ Guru
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522
Rep:
|
hi there
what i am saying is that u need to restrict a user to a certain directory
that will be more safe
or u need to put the code in all ur pages
and what if u want to remove this restriction then remocve the code from all thepages???
while a single entry if possible at the webserver wil serve ur purpose
regards
|
|
|
11-09-2004, 11:10 AM
|
#14
|
Member
Registered: Jul 2004
Posts: 42
Rep:
|
Yes. Using Apache's ability to use .htpasswd and .htaccess would be ideal and easy. How about proposing other solutions? Surely there is another way to protect directories. Mark001, can you tell us more about your server? I only have experience with Apache, but surely what ever you're using has the ability to prompt for a user / pass in order to access a directory. Maybe there's someway to chown the directory to a user and use that to your advantage. Otherwise if using the login script, I wouldn't manually place it in every webpage. I would save it in a sepearte file and use php to "include" it. That way if you ever want to change it, you only have to change it in one place.
sam
Last edited by sutley; 11-09-2004 at 11:11 AM.
|
|
|
11-09-2004, 11:14 AM
|
#15
|
LQ Newbie
Registered: Sep 2004
Posts: 27
Original Poster
Rep:
|
Hi, masand
I agree absolutely to your point that having the configuration done at the server config files seems to be the best option because less work is involved.
I called my ISP yesterday to enquire about this issue and they agreed to help out at no extra cost.
Regards.
mark001
|
|
|
All times are GMT -5. The time now is 09:39 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|