Restricting Access
It's important to realise that the servers are configured so that
via the World Wide Web, any person from anywhere in the world at any hour can
obtain any files in your web space. However there are two ways in
which it is possible to restrict access. These are only available to clients with virtual domains
First Method
This way you can restrict access to a directory. For example to read
http://www.albino.com/space/restricted/,
you must enter the username bean and the password stalk
How do you do it?
It's a little complicated - not for beginners:
- Write a file called .htaccess like this:
AuthUserFile /web/guide/albino/HTML/space/apples/.htpass
AuthGroupFile /dev/null
AuthName "'bean' and password 'stalk'"
AuthType Basic
<Limit GET POST>
require user bean
</Limit>
Put the complete name of the directory where you are going to put the password file (.htpass) in place of /opt/web/guide/albino/space/apples/
. Put whatever you want after AuthName
and the desired user name instead of
bean
.
- Transfer the .htaccess file to the directory which you wish to restrict. You must transfer it in ASCII/text mode or it won't work.Once you have transferred it, you may find it seems to have disappeared because, files that begin with a dot are 'hidden' by the system. If you are using DOS or Windows, you may have trouble creating a file with the name .htaccess. In this case, call it htaccess.txt and change the name once you have transferred it. Also, this file must be written in text format, not in MS-DOS text format.
- Connect to your domain by Telnet, and create the directory where you want to put the password file (.htpass), and then change directory to this directory. For example:
mkdir apples
cd apples
- Type in the command to create the password file:
htpass -c .htpass bean
Substitute the desired username forbean
.
- The server will ask:
Adding password for bean
New password:
type in the password - it won't appear in the screen
Re-type new password:
type the password again
This is the most basic configuration. There are more details at:
NCSA
Note that in our system, it is necessary to use the program htpass, not htpasswd. Remember that you won't be able to see these files from FTP, only with Telnet, typing ls -la. This method only restricts access from the Web. Other users of the server will continue to have access to this directory. In order to protect you most confidential files, it is necessary to use the Second Method.
Second Method
With this method you can restrict reading files. For example, try to read:
restricted.html. It's also possible to protect directories, but for total security you should protect both the directories and the files in them.
- Conect to your domain by Telnet
- Type
chmod 700 file.htm
or whatever it is.
Copyright 1996, Albino