Jose Saucedo

Mr. Mentze
Block. 4
2/10/16
Unit 11
1. Most web sites are openly available to anyone who knows, or finds, the URL
2. But occasionally you will want to password-protect some or all of your pages. For
example, if you run the web site for a club or a school, youll want to restrict certain areas
to members or students only. Or perhaps your site contains information that has a value,
such as documents or pictures, and you need to ensure that its only viewable to your
paying customers
3. Password-protecting one or more areas on your web site is actually a fairly easy
task to accomplish, because theres a facility built into most web servers. You dont even
need to do any programming
4. The key to protecting your pages in this way is to know about two special text
files called .htaccess and .htpasswd. The first file, .htaccess, contains some special
commands for the web server which basically say "please dont show anyone the pages in
this folder unless they enter a correct username and password
5. The other main use for a .htaccess file is password protection. For such purposes,
the file needs to look something like this: AuthType Basic AuthName "test" AuthUserFile
"/home/thewebbo/.htpasswds/.htpasswd" require valid-user
6. To start password-protecting your web site, use FileZilla to create a new folder on
the site, within public_html, called private. In that folder, create and upload a simple test
page. Then type the example .htaccess file shown above, into a text file, call it .htaccess,
and upload that into your private folder too

7.

.htpasswd file is merely a text file of usernames and passwords, with each pair on

a separate line and with a colon between the usernames and passwords
8. So for added security, heres how the feature actually works. Instead of creating a
line that consists of, say, open:sesame, you encrypt the password in advance, thus the line
becomes: open:$apr1$kZy1b/..$BM8fLekWkKblQ6pynXeM/1
9. If you want to protect more than one folder on your site, you can do that in 2
different ways. If you want to use the same set of usernames and passwords for all of the
protected folders, just put a copy of the same .htaccess file in each of the folders, which
all point to the same .htpasswd file. If you want to use different usernames and
passwords, then each protected folder will need its own .htaccess file, which points to a
unique .htaccess file. In the case of Hostmonster, those files must all reside in the
.htpasswds folder, but the name of the file itself can vary. So you could, for example,
have separate files called .htpasswd1, .htpasswd2 and so on, pointed to by
complementary .htaccess files