Personal Webspace - Security Information
Disabling Directory Listings
To disable directory listings, create a .htaccess file in the root directory of your webspace (the file must be called .htaccess (including the dot) , and place in the the file
Options -Indexes
Password Protecting your site or a directory in your site
To enable protection for a directory, two files are required:
- An access control file residing in the directory to be protected, named .htaccess (including that leading dot).
- A password file, normally called passwd or .htpasswd
The ".htaccess" file
The access control file must reside in the directory to be protected and it must contain at a minimum the following lines to enable password protection:
AuthType Basic
AuthName [Password Area Name enclosed in quotation marks]
AuthUserFile [full path to password file - see below for how to find this]
require valid-user
[Password Area Name] should be replaced with an appropriate name for your password protected area. You must enclose your AuthName entry in double quotes.
[full path to password file] must be changed to the actual location of the password file.
Finding your directory on the server
In order to use .htaccess files you must know the path to your home directory. The following is a simple cgi program which if copied into your personal webspace and accessed in a browser will print out the path to your home directory. You should prepend this to the name of the password file you use for storing username/password information, and use this as the value for "AuthUserFile"
Corporate Webspace
#!/bin/sh
echo "Content-Type: text/HTML"
echo
echo `pwd`
Copy the above text and save it as a file called "homedir.cgi". FTP this file into your webspace, change the permissions on it to make it executable (the method to do this depends on the ftp client you are using) and access it via a browser eg if your username was "fred" then go to http://www.yoursite.com/homedir.cgi
The cgi will print out the path to your home directory. This needs to be used in the .htaccess examples below.
users.on.net (Personal Webspace)
Customers using personal webspace can find out the path to their home directory when logging in via FTP. The path is presented in the FTP welcome message.
Example output:
230-
230-Last updated: Wed Aug 24 12:11:45 CST 2005
230-Homedirectory: /webspace/users.on.net/data/A1/23/A123456/.
230-Diskusage: 9344 kbytes
230-
230 Login successful.
Examples of .htaccess files
users.on.net personal webspace server:
If the path printed out was something like the following "/webspace/users.on.net/data/A1/23/A123456", and assuming you used a file called .htpasswd to store the username/password information in the first directory of your webspace, then the .htaccess file should have the following information in it
AuthType Basic
AuthName "Fred's protected webspace"
AuthUserFile /webspace/users.on.net/data/A1/23/A123456/.htpasswd
require valid-usercorporate unix web space servers (where the example Client ID is A123456):
AuthType Basic
AuthName "Acme Co Reseller Area"
AuthUserFile "/data0/web/A123456/data/.passwd"
require valid-user
If you are unsure of your absolute directory path, please use the script above.
The ".passwd" file
The password file has a format similar to UNIX password files. Each line contains a username and password (in encrypted form), separated by a colon.
It has the general form:
username:encrypted password
For example:
michael:86CO2ExDV.gK2
admin:95GgXYVmodxoc
The password file should remain preferably in a different directory, for security reasons. You can create a separate directory in your web space to contain all your password files if you wish.
On the corporate unix web space servers, we suggest placing the password file the 'data' (as in the above example) directory in the root directory of your webspace as it is not accessible to external users.
Password Generator
You will need an encrypted password for each username you add to your protected directory.
Enter the desired password in the box below, click on encrypt and note the encrypted form of the password.
