How To Password Protect Your Personal Web Site

Technically what you do is password protect a directory in your Web site. If you password protect your document root directory (/usr/home/your_login/www/docs) then you are password protecting your whole site. But you may choose to only password protect a subdirectory of your Web site.

Briefly, you will need to edit a configuration file for your virtual server (kato sites only), create a file called ".htaccess" (this file will reside in the directory that you want to protect), and create the file containing the login names and passwords of authenticated users (this file is usually called ".htpasswd").

Before you get started, you must know how to Telnet into your server and be familiar with the vi or pico text editors.


STEP 1: (NOTE: STEP 1 IS FOR WEB SITES ON kato.lmi.net ONLY - YOU CAN SKIP THIS PART IF THE SITE IS NOT ON KATO) First you must set the configuration in your Web server to allow password protection. The file that contains this directive is:
/usr/home/your_login/www/conf/access.conf
(Substitute the login name on the Web server for "your_login".)

Go to this part of the file:
# This controls which options the .htaccess files in directories can
# override. Can also be "None", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
Just below those comments you'll see a line that contains this directive:
AllowOverride None
Change the word "None" to "AuthConfig" so that the line reads
AllowOverride AuthConfig
Save the changes and quit out of the file. (If it already read "AllowOverride AuthConfig" you need to do nothing, just quit out of the file.) Then restart your virtual server by typing the command "usrserv reset".

STEP 2: Next, decide which directory you want to restrict access to. You can create one just for this purpose (make sure it is inside your www/docs directory). Go to that directory, and create a file called ".htaccess". Enter the following text in it:
AuthUserFile PATH_OF_THE_HTPASSWD_FILE
AuthGroupFile /dev/null
AuthName TEXT_YOU_WANT_SHOWN_ON_LOGIN_DIALOG_BOX
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>
For example, I created a directory inside my www.4-2-0.com's docs directory called testaccess (/usr/home/bigbhs/www/docs/testaccess). Inside that directory I created a file called .htaccess and this is what is in that .htaccess file:
AuthUserFile /usr/home/bigbhs/www/.htpasswd
AuthGroupFile /dev/null
AuthName "The 4-2-0 Secret Club"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>
STEP 3: Now go to the directory where you want to put the .htpasswd file (it should be the path that you put in the first line of the .htaccess file). NOTE: Do not put the .htpasswd file in the /usr/home/your_login/www/conf/ directory - this will not work! Also do not put it in the /usr/home/your_login/www/docs/ directory or any subdirectory thereof - that is insecure, because anything under docs can be requested through the Web server.

Put it in /usr/home/your_login/www/ or perhaps create a directory such as /usr/home/your_login/www/passwd/ and put it in there.

When you are in the directory where you want the .htpasswd file, type this at the prompt:
htpasswd -c .htpasswd <firstusername>
For example:
htpasswd -c .htpasswd bobbysue
The program will prompt you for a password, then verify by asking again. You will not see the password when entering it. This creates the .htpasswd file and adds "bobbysue" as the first user. To add more users in the future, use the same command without the -c argument, for example:
htpasswd .htpasswd billyjoe
This will add username "billyjoe" to your .htpasswd file.

To delete users, open the .htpasswd file in a text editor and delete the appropriate lines:
bobbysue:v3l0KWx6v8mQM
billyjoe:x4DtaLTqsElC2
(The text after the colon is a one-way hash of the password, not the password itself.)
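
A check of the result of steps 2 and 3, added here as an example and not part of the original instructions: it reads the AuthUserFile path out of a .htaccess file and verifies that the password file exists, lies outside the document root, and is not world-writable. The function name check_htaccess and its messages are made up for this example, and it assumes the password file path contains no spaces.

```shell
#!/bin/sh
# Added example, not from the original page.
# check_htaccess DOCROOT HTACCESS
#   returns 0: password file placement looks right
#   returns 1: at least one problem found (each one is printed)
#   returns 2: bad arguments
check_htaccess() {
    docroot=$1; htaccess=$2; bad=0
    if [ ! -d "$docroot" ] || [ ! -f "$htaccess" ]; then
        echo "usage: check_htaccess DOCROOT HTACCESS" >&2
        return 2
    fi
    # Canonical path with symlinks resolved, so the comparison below is reliable.
    docroot=$(cd "$docroot" && pwd -P) || return 2

    # Directive names are case-insensitive; take the first AuthUserFile value.
    pwfile=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$htaccess")

    case $pwfile in
        "") echo "FAIL: no AuthUserFile directive in $htaccess"; return 1 ;;
        /*) ;;
        *)  echo "FAIL: AuthUserFile '$pwfile' is not an absolute path"; return 1 ;;
    esac
    if [ ! -f "$pwfile" ]; then
        echo "FAIL: $pwfile does not exist (create it with htpasswd -c)"
        return 1
    fi

    # Step 3's rule: the password file must not sit anywhere under the docs tree.
    pwdir=$(cd "$(dirname "$pwfile")" && pwd -P) || return 2
    case "$pwdir/" in
        "$docroot"/*) echo "FAIL: $pwfile is inside the document root $docroot"; bad=1 ;;
    esac

    # Anyone who can rewrite the file can add a login of their own.
    if [ -n "$(find "$pwfile" -prune -perm -002)" ]; then
        echo "FAIL: $pwfile is world-writable"; bad=1
    fi

    # Informational only: inside <Limit>, "require" covers just the listed methods.
    if grep -qi '^[[:space:]]*<Limit[[:space:]]' "$htaccess"; then
        echo "NOTE: <Limit> applies the login requirement only to the methods it names"
    fi
    return $bad
}
```

Call it with the docs directory and the .htaccess file to check, for example: check_htaccess /usr/home/your_login/www/docs /usr/home/your_login/www/docs/testaccess/.htaccess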

For my example I am restricting access to this URL:

http://www.4-2-0.com/testaccess

I created the directory "testaccess" and in it I put my .htaccess file.

When you go to the above URL you should get a prompt that says:

"Enter username for The 4-2-0 Secret Club at www.4-2-0.com"

Try the username: user1
And the password: qwerty

That should get you in!