how2 password protecting directory

[iliad2b]

Hi,

1. i attempted to use DA to protect a directory, but i couldn't find the box mentioned in the manual, to place a check mark on.

2. i attempted to protect a directory utilizing a manual method of creating a .htaccess and .htpasswd files and was re-directed to DA, by my host when i prompted the question about the "full server path" or "absolute server path".

3. so, i went back to DA, and when i studied the "Directory Password Protection" module i notice that there is no check box as discribed in the DA manual, rather you need to click on the "protect" link, which is in the same place of where you click to "edit", "rename" or "copy" a file.

4. so i was successful to password protect a directory.

5. when i browse towards the directory, i get prompted for user password, but i get a 404 page error!

6. i was told by my host, that i need an index.htm, index.html or index.php file.

7. so i placed an empty index.htm file inside my protected directory, and now i get an empty page when i browse it with my favorite browser.

8. so i populated the directory with dummy word, excel, and powerpoint files, but i am not able to see anything.

9. how do i go about being able to see the data in that directory?

any help is greatly appreciated.

 

[sander815]

if theres no index.html/php/htm you get an error page, if theres an empty index.html, you get an empty page, of course

if you are admin of the server try this: http://www.csoft.net/docs/micro/htaccess.html.en
or maybe upload a .htaccess file yourself with ftp will work also

 

[iliad2b]

follow up from 9

10. i deleted the index.htm file (sander815 is right)

11. in the .htaccess file i added the following code at the very top of the file:

Options +Indexes
IndexOptions +FancyIndexing +FoldersFirst

12. which leaves me with:

Options +Indexes
IndexOptions +FancyIndexing +FoldersFirst

AuthGroupFile /dev/null
AuthName "development"
AuthType Basic
AuthUserFile /home/blah/domains/blah.org/.htpasswd/public_html/development/.htpasswd
require valid-user

13. waaahooooooo... i am now able to see my files and directories, and when i click on them it ask's me to download or if its a directory it goes into the directory.

14. almost done, i want to ftp into this directory with a gui ftp program. do i have to do anything special when i tell my ftp program to go directly into this newly created directory "folder"?

 

[sunny2910]

follow up from 9

10. i deleted the index.htm file (sander815 is right)

11. in the .htaccess file i added the following code at the very top of the file:

Options +Indexes
IndexOptions +FancyIndexing +FoldersFirst

12. which leaves me with:

Options +Indexes
IndexOptions +FancyIndexing +FoldersFirst

AuthGroupFile /dev/null
AuthName "development"
AuthType Basic
AuthUserFile /home/blah/domains/blah.org/.htpasswd/public_html/development/.htpasswd
require valid-user

13. waaahooooooo... i am now able to see my files and directories, and when i click on them it ask's me to download or if its a directory it goes into the directory.

14. almost done, i want to ftp into this directory with a gui ftp program. do i have to do anything special when i tell my ftp program to go directly into this newly created directory "folder"?

Hey,

my first mail here.
I had the same problem as iliad2b.
So I inserted the same as mentiones in step 11 above.

I brings me to my directory which I had already protected with a password.
But if I now directly go to the webpage (which is supposed to be protected, there is no longer a password check.) For example, there is a simple pdf-file installed as test, and this opens completely wwithout even asking a password.

Someone any help?

Before copying this step 11: I tried with several passwords in the setup for a protected directory (protected directory propmpt, user, and twice a password)
I never could pass the loginprocedure, and always ended up with error 404.

Thx anyway
marc

 

[iliad2b]

Here is what i ended up doing:

1. create a folder inside public_html/APPLE
2. (for this chat we will use APPLE as our new folder)
2. create an ftp account and point it towards that new folder BY typing in the path name
3. when people login, they will only see this new folder and NOT be able to go up the directory structure

question:
4. how do i get the correct path

answer:
5. when and if you ever password protected a folder using DA, open up the .htaccess or .htpasswd on your server, and copy the path from there. you will only need the beginning part of it, i hope you understand what i mean.

what do i mean by begining part:
6. /home/blah/domains/blah.com/.htpasswd/public_html/blah/.htpasswd

what you need is:
7. /home/blah/domains/blah.com/public_html/APPLE/

8. where ever you see blah, it is replacing my personal information of my server, i did not want to give this information out. but it is inserted automatically by my server admin.

what does this accomplish?
9. individuals can use a NON-SECURE ftp program to place items in this folder use (SmartFTP)
9.5 if your server supports a SECURE ftp access, then use (WinSCP)
10. individuals can view items in this folder via there favorite browser

the final "gotcha"
11. the name on the account is LONG, take a good look at DA, cuz it has on the right side of the name box the SUFFIX of the name to be.

mine is
12. i choose rockie as the name so
13. [email protected] is the sign on name
14. NO www, note blah is your website

password
15. this is normal what ever you choose with DA

hope this helps

 

[sunny2910]

different

Iliad,

I suppose we're talking about different things here.

I don't think I need a special FTP-account to upload my files, or anyone else.
This is not the intention (despite what I think you have in mind, sorry)

The whole intention of mine is just that our site can be viewed (not adjusted) by everyone, and that only me (at least at this moment) can modify the content of it.

Our members from our department (where the password protected directories are for) should be able to view the site as anyone else, but should have the possibility to go furhter and "log-in" (again, not adjust) to those secured pages.

I hope it makes things easier to me, because what you wrote before, sounds a "little bit" unknown for me.

Hope you or some-else can help...
thx anyway,
marc

 

[iliad2b]

marc,


i believe i know what it is your looking for. here is how i implemented it at school.

note: i was not able to implement this with my host server because they use DA to do this.

example of directory path that everyone sees

domains\html\www\index.html

example of directory path that the index page points to but you will get prompted for password

domains\html\www\cars\cars.html

so, when someone is visiting index.html and they click on the cars link, they will get prompted for password.

so here is what you do to implement this "without" DA

create an empty text file called .htpasswd here (no prefix or suffix)

domains\.htpasswd

create a text file and place it here (no prefix or suffix)

domains\html\.htaccess

in the .htaccess file insert this code

AuthUserFile /the/absolute/path/to/your/home/direcotry/.htpasswd
AuthGroupFile /dev/null
AuthName "this is just a discription place"
AuthType Basic 

<Limit GET POST>
require valid-user pumpkin
</Limit>

// pumpkin is the name of a user, which gets automatically inserted when you create a password (below)

Question:
1. how do you get to know your absolute path?

Answer:
A. first, the end of the absolute path should be where ever you placed the .htpasswd file, in this case we have it at "domains\.htpasswd"

B. second, the begining part of the absolute path could be found by having DA create a protected folder and then read the .htaccess file it creates

C. ask your host provider for the absolute path

Question:
2. how do i add users to .htpasswd

Answer:
A. logon via a cmd prompt to your host server (telnet www.apple.com) and go to the directory "above" the one you want to protect (where the empty .htaccess file is located)

htpasswd /.htpasswd pumpkin

// pumpkin is the user name
// you will get prompted twice for a "new" password

B. you can use website tools to generate a password (copy and paste the info to your .htpasswd file)

[url]http://www.flash.net/cgi-bin/pw.pl[/url]

final thoughts:

// insert this into .htaccess see if it works

pumpkin:NgFQ1vnnW/tJk

good luck

 

[sunny2910]

with DA

Iliad,

any idea how this works with DA?

You mentioned a procedure without DA, but I prefer to do this with this system.

By reading this, you'll understand that did not succeeded in the way you wrote.
Thanks for everyone who can help me.

 

[iliad2b]

with DA, all you do is:

1. use the File Manager module (icon)
2. go to the directory you want to protect, but do NOT open it
3. to the right, you will see a protect link, which is in the same spot as "rename"

4. click on the protect link and go from there
5. remember that when you test it, you will have to add the @yourwebsite.com at the end of the user id you choose.

good luck

 

[sunny2910]

domain name?

When I use this "protect"-button, I can fill in several things
I think that's the main problem during all my efforts.

You have the first: "Protected Directory Prompt:" Let's say we fill in test1

secondly: "Set/Update User:" filled in with "tester1"
(by the way: you told me to use the additional @yourdomain.com to the the userID: Is this the place you mean, because I'm not allowed to use the "@"character in this field ;..???

Password and repeat of it is simple.

Suppose I protect the map "group".
By now I will go into my browser to www.mydomain.com/group

Normally the login-popup will appear.
Now's the question (regarding to the earlier set-up above) which I have to fill in?
I keep on receiving the 404-error.
thx

I know I'm close, but it's the final touch that's going wrong.

 

[iliad2b]

Just to let you know.. that above all this chatting dialog, it once said that I have not been able to get DA to work the way it is suppose to work.....

that is why i used the ftp route, which does exactly the same thing, plus it gives a method to add or delelte files with nifty kewl ftp gui's....

you use the @yourdomain "only" when you are login in.

once you set up your account with DA, then when you test it and the system prompts you for login information, then you use the [email protected]

but but with out the www. example:

right way:
[email protected]

wrong way:
billy@www.yahoo.com

good luck

 

[iliad2b]

simply to clarify something:

with the ftp acount method

anyone who points there browser to [url]ftp://ftp.yourdomain.com/group[/url] will be prompted for name and password

(put a check mark on remember this password, becuase the system will prompt many times for it)

with the ftp acound method

you can use smartFTP a non-secure ftp program to upload and manage files on the system.  nicer than DA's browser method.

reminder both methods above login the same way:

[email][email protected][/email] (without [url]www.[/url])
yourpassword

 

[sunny2910]

Forbidden
You don't have permission to access /ledenlijst/ on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


--------------------------------------------------------------------------------

Apache/1.3.34 Server at www.brandweerschoten.be Port 80



Thsi is the error that I keep on receiving.
My friend switched to DA last weekend. He's able to protect directories, and even log in, whauw!

Is there a particular file I have to put in these protected directories? At this moment there is a .htaccess and a .pgf (for testing) in this directory.

Anyone an idea?

 

[nobaloney]

If you're protecting a directory through DA you should not have your own .htaccess file in it.

Jeff

 

[Ali]

well, I had the same problem, mocked around with it a bit and all of a sudden it worked. So I deleted everything and tried again and it worked again!
So, what did I do:
I made a new directory, let's name it "fakedir", with an index.htm in it and protected this. This obviously didn't work...

Then I protected the directory I really needed to protect and voila, this one's protected!!!??
I don't know how it works, but it does.
Try it yourself! Good luck.
Ali

 

[sunny2910]

ok and not ok

Hello,

many thanks to those who helped me out.
I succeeded last week in this log-in setup.

I experienced another "problem"

Let's say that I made the dir "www.mydomain.com/fakedir" password protected.
In this directory are put some word-documents for example.

Everytime I want to open one of these word-files, and have to put in my login again and again. Probably because in this "fakedir" the worddocuments are written.

But I can not place them in the public directories, otherwise I don't need a password of course...

Anyone an idea how I can avoid re-entering my password all the time?

Thanks,
sunny2910

 

[qosai]

the solution

the solution was posted already, it says:

1. use the File Manager module (icon)
2. go to the directory you want to protect, but do NOT open it
3. to the right, you will see a protect link, which is in the same spot as "rename"

4. click on the protect link and go from there
5. remember that when you test it, you will have to add the @yourwebsite.com at the end of the user id you choose.