Difference between revisions of "Limiting Access"

From HE FAQ
Jump to: navigation, search
(Created page with 'This document demonstrates the use .htaccess to restrict access to web documents by user and password. == The Restricted Access Document == The document [http://www.he.net/~jdoe…')
 
(Can I limit access for a directory?)
 
(8 intermediate revisions by 4 users not shown)
Line 1: Line 1:
This document demonstrates the use .htaccess to restrict access to web documents by user and password.
+
{{1 prefix}}
 +
This document demonstrates the use of .htaccess to restrict access to web documents by user and password.
  
== The Restricted Access Document ==
+
== How can I block people from certain IP Address so they can't access my site? ==
 +
 
 +
You can add the following to the .htaccess file in your public_html directory:
 +
 
 +
<pre>order deny,allow
 +
deny from 192.0.2.123</pre>
 +
 
 +
''(change the ip address to the offending ip)''
 +
 
 +
This will block them from seeing not only your main pages, but all pages in all subdirectories. If you wish to block them from seeing only one, or a small set of, subdirectories, place the above code in the .htaccess file of the highest subdirectory that you want blocked.
 +
 
 +
== Can I limit access for a directory? ==
 +
 
 +
All new accounts have this capability.
 +
 
 +
You can find a list of features for each currently available account type here:
 +
 
 +
http://he.net/web_hosting.html
 +
 
 +
=== The Restricted Access Document ===
 
The document [http://www.he.net/~jdoe/info/htaccess/example/restricted.html "Restricted Information"] is only available to user john with password orange and user sheri with password apple. The first time you click on "Restricted Information", your web browser should prompt you for a user name and password. If it does not you may be using a web browser which is not HTTP authentication capable.
 
The document [http://www.he.net/~jdoe/info/htaccess/example/restricted.html "Restricted Information"] is only available to user john with password orange and user sheri with password apple. The first time you click on "Restricted Information", your web browser should prompt you for a user name and password. If it does not you may be using a web browser which is not HTTP authentication capable.
  
== Ingredients ==
+
=== Ingredients ===
 
NOTE: Please make sure you are setting this up in the directory that you want passwd protected. The .htpasswd file will end up in the wrong directory otherwise. For more infomation on how to use Unix, please check out our Unix Tutorial.
 
NOTE: Please make sure you are setting this up in the directory that you want passwd protected. The .htpasswd file will end up in the wrong directory otherwise. For more infomation on how to use Unix, please check out our Unix Tutorial.
  
Line 17: Line 37:
  
 
:Note that .htaccess will not work if there are extra spaces after AuthUserFile.
 
:Note that .htaccess will not work if there are extra spaces after AuthUserFile.
 
  
  
Line 29: Line 48:
  
 
NOTE: There is no correspondence between the usernames and passwords used for accounts on this server and usernames and passwords in any specific .htpasswd file. A user doesn't need to have an account on this system in order to be validated for access to files protected by HTTP-based authentication.
 
NOTE: There is no correspondence between the usernames and passwords used for accounts on this server and usernames and passwords in any specific .htpasswd file. A user doesn't need to have an account on this system in order to be validated for access to files protected by HTTP-based authentication.
 
== Further Study ==
 
This example limits access by user and password, however you can also restrict access by domain. To find out more read the [http://hoohoo.ncsa.uiuc.edu/docs/tutorials/user.html Mosaic User Authentication Tutorial].
 
 
== Other ==
 
This lists other varibles you can put into your .htaccess file.
 

Latest revision as of 12:16, 19 October 2012

This information only pertains to Hurricane Electric's Shared Web Hosting package. There may be different information in our other categories.

This document demonstrates the use of .htaccess to restrict access to web documents by user and password.

How can I block people from certain IP Address so they can't access my site?

You can add the following to the .htaccess file in your public_html directory:

order deny,allow
deny from 192.0.2.123

(change the ip address to the offending ip)

This will block them from seeing not only your main pages, but all pages in all subdirectories. If you wish to block them from seeing only one, or a small set of, subdirectories, place the above code in the .htaccess file of the highest subdirectory that you want blocked.

Can I limit access for a directory?

All new accounts have this capability.

You can find a list of features for each currently available account type here:

http://he.net/web_hosting.html

The Restricted Access Document

The document "Restricted Information" is only available to user john with password orange and user sheri with password apple. The first time you click on "Restricted Information", your web browser should prompt you for a user name and password. If it does not you may be using a web browser which is not HTTP authentication capable.

Ingredients

NOTE: Please make sure you are setting this up in the directory that you want passwd protected. The .htpasswd file will end up in the wrong directory otherwise. For more infomation on how to use Unix, please check out our Unix Tutorial.

  • The web document to be protected - Actually, access is restricted by directory so all files in the same directory will be protected.
  • The file .htaccess - This file should be in the directory which contains the documents to restrict access to. The contents of this file specify the name of the password file. For example if you were user jdoe with web documents in the local directory "/home/jdoe/public_html/goodstuff" that you wanted to restrict access to, your .htaccess might look like:
AuthUserFile /home/jdoe/public_html/goodstuff/.htpasswd
AuthName jdoe_goodstuff
AuthType Basic
Require valid-user
Note that .htaccess will not work if there are extra spaces after AuthUserFile.


  • The file .htpasswd - This file contains the passwords of the users. To create the .htpasswd file log in to this server using SSH, change directory to the directory you want to restrict access to, and type:
htpasswd -c .htpasswd someuser

for the first user (where someuser is the username). You will then be prompted twice for the user's password. The -c option causes the .htpasswd file to be created. For each additional user type:

htpasswd .htpasswd someuser

NOTE: There is no correspondence between the usernames and passwords used for accounts on this server and usernames and passwords in any specific .htpasswd file. A user doesn't need to have an account on this system in order to be validated for access to files protected by HTTP-based authentication.