#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 1999
    Location
    Perth, Western Australia
    Posts
    53
    Rep Power
    15
    Hi,

    Can anyone give me an example of an .htaccess file which forces a username/password to be supplied for access to a single file of many in a directory.

    Also, I want to edit my httpd.conf file to block web browsers displaying the contents of any file with an extension of .inc. I've included this in my httpd.conf file:

    <Files .inc>
    order allow,deny
    deny from all
    </Files>

    ...but it doesn't work. What am I missing?

    Thanks,

    Ross.
  2. #2
  3. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    >>for access to a single file of many in a directory
    What do you mean? Are you trying to say you wanted to protect only /foo/bar.html but not the other files in /foo directory?
    ########################
    <Files ~ "^.inc">
    Order allow,deny
    Deny from all
    </Files>
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 1999
    Location
    Perth, Western Australia
    Posts
    53
    Rep Power
    15
    Hi freebsd,

    Thanks for your reply. I tried the example you gave, but it didn't work until we modified it to:

    <Files *.inc>
    Order allow,deny
    Deny from all
    </Files>

    and this works great. So thanks for heading us in the right direction.

    Regarding the first part of my original posting - you are right in your assumption as to what I'm trying to achieve. Let me clarify further: Let's suppose I have a directory /test/, and in test I have 3 files a.html, b.html, and c.html. Want I want to do is create an .htaccess file which specifically requires a username and password for access to, for example, a.html. The other 2 files can be accessed through a web browser without restriction. I use .htaccess and .htpasswd files already to block access to complete directories, but can't quite work out the syntax for restricting access to named files only in a directory. I should add that I've searched the web for decent .htaccess tutorials or help, but they vary in quality, none seem to be comprehensive (with a limited number of examples), and none explicitly answer my question.

    Thanks again.
  6. #4
  7. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    1) Put your .htpasswd above your root so visitors can't access it
    #/html/username/.htpasswd
    put username and encryped password of your members

    2) It doesn't matter how many files under how many directories you wanted to protect as they can share a common .htpasswd file

    #/html/username/public_html/test/.htaccess
    <FilesMatch "a.html">
    AuthName "Member Only"
    AuthType Basic
    AuthUserFile /html/username/.htpasswd
    require valid-user
    </FilesMatch>
    #/html/username/public_html/test/a.html is protected
    #/html/username/public_html/test/b.html and all others are NOT protected

    3) /html/username/public_html/foo/.htaccess
    <FilesMatch "bar.html">
    AuthName "Member Only"
    AuthType Basic
    AuthUserFile /html/username/.htpasswd
    require valid-user
    </FilesMatch>
    #/html/username/public_html/foo/bar.html is protected with the same .htpasswd in /html/username/
    #/html/username/public_html/foo/others.html is NOT protected

    ############################################
    The following will not work:
    1)/html/username/public_html/test/a.html is a symlink of /html/username/private/a.html which /html/username/private/ has an .htaccess pointing to /html/username/.htpasswd
    2) Include a.html with a file under a protected directory will not work as well.
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2011
    Posts
    11
    Rep Power
    0

    unfortunately not


    Using this method, I only get a "401 authorization required" page, saying

    "Authorization Required

    This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required."
    Using the same htaccess file previously to protect the entire directory, the browser properly prompted for a username and password.

    htaccess looks like this:
    Code:
    <Files "index.html">
    AuthType Basic
    AuthName "Restricted!"
    AuthUserFile   "/blah/blah/.htpasswd"
    Require     valid-user
    </Files>

    Comments on this post

    • salem disagrees : Why did you dig up a thread from 12 YEARS ago!?
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    1
    Rep Power
    0

    Check encrypt your password


    Originally Posted by spaceman
    Hi,

    Can anyone give me an example of an .htaccess file which forces a username/password to be supplied for access to a single file of many in a directory.

    Also, I want to edit my httpd.conf file to block web browsers displaying the contents of any file with an extension of .inc. I've included this in my httpd.conf file:

    <Files .inc>
    order allow,deny
    deny from all
    </Files>

    ...but it doesn't work. What am I missing?

    Thanks,

    Ross.
    Some servers are only accept encrypted password. You can use tool to encrypt your password. After copy into file .htpasswd. You can enter hptt://tools.dynamicdrive.com/password/ to encrypt.
    Wish you success

IMN logo majestic logo threadwatch logo seochat tools logo