|
|
|
|
.htaccess
Oops, we forgot to define SSI. "SSI" is Server Side Includes. We'll go into what they are and how they work in a differen Xxaxxperiment. For the record the above does work. (At least on a server I am hosted by running Apache.) Another thing that the ".htaccess" file is good for is password protecting a directory. If we put the following file .htaccess into a directory.
For example we could put it into the directory /home/n/ne/newbie/public_html/gazette/xxaxx/testvault/. Then any browser requesting any file from that directory, http://www.newbie.org/gazette/xxaxx/testvault/whatever.html for example, will be required to enter a valid user id and password. This user id and password will be verified before the requested material will be sent to the user. In addition to the directory in which the ".htaccess" file is stored being protected any directory below that directory is protected as well. For example:
All of these directories will be password protected (requiring authentification) from that one .htaccess file. (Please note for the record, this can be modified by putting separate .htaccess into any subdirectory that one wishes. This new ".htaccess" file will take over.) Going back to that funny looking file:
The first line >AuthUserFile, tells the webserver where to find your username/password file. You will note that this directory name is in its raw format. No funny virtual domain names are allowed. The raw machine directory structure is used. You must use the full machine name for the directory. If you don't know it you can find it using the pwd (present working directory) command. For example:
I don't know much about that >AuthGroupFile thingie yet. Since we are not using it at the moment why not just ignore it for now? I can tell you that the /dev/null is a kind of "it don't exist" setting. The >AuthName (in this case "Xxaxxperiment Text Vault") is a text string that will show up on the browser authentification screen. It is presented to browsers trying to gain access to the protected directories. The rest of the file is a magical incantation. Later we can look at other options. For the moment just leave them alone and use them as is.
For authentification to work you will need two things in the protected directory.
The .htpasswd file will contain the list of users and their passwords. ".htaccess" is created by you using a text editor. ".htpasswd" is created by the htpasswd program. (Please note: you could use a different name than .htaccess. If you do you need to use the same name in the first line of the .htaccess file. Most folks by habit call it .htpasswd. In case you were wondering the . is justed used to make the file invisible in the Linux environment.) Steps to creating the .htaccess:
Thats it. Pretty simple actually. To test the authentification try these links:
Notes: Here is what the .htpasswd file looks like for this test system:
This is not the correct file structure. To fix this I have to ftp the file into my computer where I can use a local tool I understand better to remove the line break. Then I upload the file back to the server. Then all works well. If you know how to set pico to allow longer lines without line break let me know. Turns out the you can start pico with "pico -w" to stop the Word Wrap feature. It's sometimes a good idea to try stuff like "pico --help" to see if there might be any hints given. |
You should first see the prompt window (or something like it) shown to the left. The user name is entered into the User Name: part. And, you guessed it, the password is entered into the Password: part. This much is obvious from the screen. The part that might not be obvious is that the characters are converted into '*' as one types in the password. Thus keeping folks from reading it over your shoulder.
If you fail to input the correct username/password combination you get the screen pictured to the left. It is not enough to have a valid username and a valid password. You must have the username and password match as a pair. ;-)