Speedsoft :: Password Protecting a Directory : Support

: Password Protecting a Directory

See Also

Password Central
CGI Central
Text Editor
iManager

This page provides information on password protecting a directory and thereby any HTML pages or scripts located in it. This involves using the magic files .htaccess, .htgroup, and .htpasswd. If you have any questions or problems with this procedure, please email support@speedsoft.com.

Step 1: Create the .htaccess file
Step 2: Create the .htgroup file
Step 3: Create the .htpasswd file
Common Problems with 500 Server Error
FrontPage and Two Login Screens Problem

Make sure you are on the same server as your web site:

Step 1: Create the .htaccess file

First create an .htaccess file in the directory you want to password protect. Let's say your username is "caddy" and you have a subdirectory called "shack", so that the pages or scripts contained in "shack" would be accessed by "http://www.speedsoft.com/caddy/shack". You want the page to be accessible only to a user by the name of "danny". The .htaccess file for this looks like the following.

(You might want to use our online Text Editor to create this text file.)

If you create .htaccess on your home computer and FTP it into your account, make sure you upload this file as ASCII, not binary!

We stuck the .htpasswd file in the cgi-bin directory so that it would be unreadable by a browser.

Step 2: Create the .htgroup file

This is optional. If you have more than one username that will have access to the "shack" directory, you will need to create a group file in your home directory named ".htgroup" that looks like this:

my-users: danny judge lacey carl tye

The .htaccess file would now instead read

(You might want to use our online Text Editor to create this text file.)

Step 3: Create the .htpasswd file

Lastly, you have to create the .htpasswd file. This is the actual file which contains the user passwords. This file will reside in your cgi-bin directory so as to not be readable by a browser. To create it, fill out the information below and click on the "Add User" button at the bottom. If the username is already in the .htpasswd file, it will overwrite it.

Make sure you are on the same server as your web site:


Common Problems with 500 Server Error: Many times people report a "500 Server Error" when creating/modifying their .htaccess or .htgroup files. Nine out of ten times this is caused by one of two things. 1) The file was transferred to the server using FTP in Binary mode rather than ASCII. 2) There is no "new-line" or "carriage return" on the last line of the file. This too can be caused by transferring the file in Binary mode. Please re-transfer the file using FTP ensuring that you are transferring it in ASCII mode.

FrontPage and Two Login Screens

Sometimes when you use this .htaccess method of directory protection when you have FrontPage installed on your site, you will be prompted to login twice. You should only use the .htaccess method or the FrontPage method to protect the directory. It is suggested to use the simple .htaccess method even if FrontPage is installed. However, you need to be sure to include a trailing slash on the URL when accessing the protected folder. For example, if you were protecting a directory name "admin," instead of
http://www.yourdomain.com/admin
use
http://www.yourdomain.com/admin/
This will prevent two login screens.

This is the short fix. A more permanent fix is to add a line in the .htaccess file that reads:
RedirectMatch /admin$ /admin/
This will make it so that any access to "/admin" is the same as an access to "/admin/".