Skip Navigation
Site HomeSearch

On-Line Reference:
RedHat Linux Unleashed

Did this help?
... or
Donate at PayPal®...

Tux the Pengin

OK, here's a freebie: A simulation of the old text-based Star Trek game we used to play on HP 2100's using a Teletype ASR-33 as a console: StarTrek Game

Protect web folders with Apache htaccess authorization

Some web hosts provide tools to protect folders (directories) on their web servers. Some don't, but if you have root access to the virtual host, you can create your own htaccess protection files.

Let's assume you have an osCommerce site and you want to lock down the /admin/ directory to prevent someone from clobbering your store. Here's how:

osCommerce usually installs in a directory called "catalog" so the directory path to admin is usually something like: /home/user/public_html/catalog/admin

We need to first have root access and also have the host configuration set to allow the use of htaccess to control access. Then we create a user/password file in a safe location on the server, and finally create the htaccess file that forces authentication to access the store's admin module:

  1. Confirm the host Apache server has "AllowOverride AuthConfig" set for this domain.
  2. Log in to the host server and "su" to root.
  3. Move into the domain root (not the document root; one level above that -- for instance if your domain document root is /home/user/public_html then the domain root is /home/user)
  4. Create a passwdfile using the htpasswd command:
    # htpasswd -cb osc_users yourname yourpass
    (the "-cb" means create a new passwdfile, and take the password from the command line)
  5. Set the permissions on the passwdfile:
    # chmod 644 osc_users
  6. Move into the admin directory:
    # cd /home/user/public_html/catalog/admin
  7. Edit the existing .htaccess file that comes with osCommerce, adding this to the end of the file:
    AuthName "admin"
    AuthType Basic
    AuthUserFile /var/www/osc_users
    require valid-user
  8. Restart the Apache webserver:
    # /etc/rc.d/init.d/httpd restart

You should now get a standard Apache "username/password" log in menu when you point your browser to the admin directory. If you enter your name and password, you should get the osCommerce admin module index page.


You get a "Server configuration error - 505" or similar.
Your host is not set to allow htaccess files. Get in touch with the sysadmin and have them enable it for you.
You get a "Access forbidden..." message.
Your server is not set up to allow authorization configuration by htaccess. Your domain must have the "AllowOverride AuthConfig" directive set.
Print plain