Most sites on the Internet provide public access to the information they contain. Anyone can view public pages of sites. However, you need to provide limited access to some sections of the sites. For example, to the pages of the administration panel. Most general-purpose CMS, forum and blog engines, have built-in authorization and access control tools. But if your resource is simple enough and is not controlled by a powerful CMS, but you need to restrict access, then you will have to think about how to authorize on the site. Fortunately, there are simple tools for this.
Necessary
A site running under the control of the apache server. Access to the site via ssh. Access to the site via ftp. Server configuration allowing custom.htaccess files
Instructions
Step 1
Connect to the server via ssh. If you have a console client installed, enter the command "ssh @" in the console, where is the name of your account on the server, and is the symbolic name, or the IP address of the server. The command might look like this: "ssh [email protected]". When prompted, enter the password for your account. For windows, you can use alternative client programs. One such program is putty.
Step 2
Go to the root directory of the site on the server. This is a directory not accessible from the web. As a rule, it contains the public_html subdirectory, which contains the site content that can be viewed over the Internet. Use the cd command. If you don’t remember the full path to the folder, use the ls command to get the contents of the current directory and step through it.
Step 3
Create a password file in the current directory. Run a command like "htpasswd -c". Here is the correct name of the file into which the data for authorization will be placed, and is one of the identifiers of the users who will have access to the section of the site. The command might look like this: "htpasswd -c.pwd User1". After entering the command, you will be prompted for a password for the user with the entered name. After entering the password, you will be asked to confirm it.
Step 4
Check for the existence of the password file. Run the command "ls --all". The displayed list of the contents of the current directory must include the name of the password file.
Step 5
Add more users who will be allowed access. Run a command like "htpasswd". The parameter value must be the same as when creating the password file. For example, to add data for user2 to a file named.pwd, use the command "htpasswd.pwd user2". Passwords and password confirmation will be prompted interactively.
Step 6
Disconnect from the server. Enter the command exit and press Enter.
Step 7
Modify your.htaccess file. Connect to the server using an FTP client program. Go to the directory corresponding to the section of the site for which authorization is required. If there is a file named.htaccess in there, download it to your computer. If there is no such file, create it on your computer. Add the following lines to the top of the.htaccess file: AuthType Basic
AuthName "greeting"
AuthUserFile "path_to_file_with_passwords"
Require valid-user Replace the word "greeting" with any phrase. It will be displayed in the user data request dialog in the browser. Instead of the value "path_to_file_with_passwords", enter the full path to the file with data for authorization on the server. This path, for example, can be like this: "/home/www/vic/domains/receptoman.ru/.pwd". Save the.htaccess file. Upload it to the server.
Step 8
Check the operation of the authorization system. Go to the section of the site for which the.htaccess file has been modified. If everything works correctly, the browser will display a dialog with requests for authorization data.