.htAdmin was designed with simplicity in mind. Accordingly, it was programmed to protect
a single directory. With this being said, let us explain how .htaccess directory restriction
- Restriction of a directory only flows downstream
- Restriction will not flow upstream
- Restriction will not flow laterally
Placing the .htaccess and .htpasswd files in a root directory (where the main index page resides)
will restrict access to the entire website and require a visitor to supply a username and
password to continue on from ANY point of entry.
For demonstration purposes we have setup our demo in the following manner:
Screenshot Of The Main Admin Console
Our .htAdmin demo script can be accessed by CLICKING HERE. The admin USERNAME
is "demo" and the PASSWORD is "123". In order to access http://htadmin.com/demo/testone/
you will need to create your own .htaccess USERNAME and PASSWORD via the .htAdmin demo script and enter
same when prompted.
The .htaccess file is a simple text file placed in the directory you want the contents of the file to
affect. The rules and configuration directives in the .htaccess file will be enforced on whatever directory
it is in and all sub-directories as well. There are a few directives that must be understood. One of these
directives in the .htaccess file ( the AuthUserFile directive ) tells the Apache web server where to look to
find the username/password pairs.
The .htpasswd file is the second part of the equation. The .htpasswd file is also a simple text file. Instead
of directives, the .htpasswd file contains username/password pairs. The password will be stored in encrypted
form and the username will be in plain text.
Why do these files begin with a "."? Any file in Unix that starts with a "." is considered a hidden file. In
a normal directory listing, these files won't be displayed because Unix considers them to be files that don't
need to be seen, but files that need to be there, so they are hidden.
Some FTP applications have a "Show Hidden Files" command to show hidden files, but they won't always display
these .ht files even if "Show Hidden Files" command is enabled. There are other ways to accomplish this:
- For WS_FTP: If you use WS_FTP, in the "Session Properties" dialog's "Startup" tab, type "-a" in the "Remote file
- For CuteFTP: Open a connection - any will do as the result is global in scope - and right click in the remote
pane, click "Filter", click "Options" tab and check the box that says "Enable remote filters (Server applied
filters). Then type "-a" in the "Remote Filter" field.
After you properly configure your FTP client, you can manipulate your .htaccess and .htpasswd file as you would
any other, including editing and deleting.
Caution: The security provided by .htaccess lasts for a single browser session. Be aware that should you be
browsing a secure site in a public space, you must close the browser in order to prevent someone else from
gaining access to the secure materials.