
Does your site have any web pages that contain survey results, sensitive documents or a control panel? Or maybe there is just an image gallery that holds private family photos. In either instance, you will need to secure these directories to prevent hackers and unauthorized individuals from accessing these areas of the site.
Many web hosts run Apache servers on a Linux or Windows platform. One of the most efficient ways to protect directories on an Apache server is to create a web-based user authorization system, which is done by using the .htaccess file.
.htaccess is a scheme that asks for a username and password when a particular directory or page is requested. The username and password are sent in plain text, similar to an FTP or Telnet session.
Protecting a directory on your website with .htaccess calls for you to create two files: .htaccess and .htpasswd.
.htaccess: This file is responsible for storing a list of preferences and information pertinent to authorization of the current directory.
.htpasswd: This file is responsible for storing a list of encrypted username and password information that are in use with the server and .htaccess to permit or deny access. Permission is typically granted by the server on a per session basis. This allows the user to access the site without entering a username and password for every request to a web page.
How .htaccess Protects Your Directories
Here is something you should know about a web host: nearly all web servers have been configured to automatically locate index files in every directory of a website. A web host may implement a global configuration that permits the listing of all files in a directory. If your site contains a cgi-bin directory and the web server enables directory browsing, the website may be at risk of a serious security issue. An experienced hacker can gain access to every file in your cgi-bin by merely entering it as an extension of the URL. Here is an example:
(www.yoursite.com/cgi-bin/)
Even though many hosting companies use global configuration for directory listing, most of them also permit the use of the .htaccess file to override these settings. Correctly placing an .htaccess file in your root directory can protect the entire website.
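As an added illustration that is not part of the original article, this is what the .htaccess half of the two-file setup described above can look like, together with the directory-listing override. The file path, realm name and username are placeholders, and the example assumes the host allows these directives to be set in .htaccess.

```apache
# .htaccess, placed in the directory to protect (constructed example;
# the realm name and paths below are placeholders).

# Override the host's global setting and turn off automatic directory
# listings here and in subdirectories. A request for a directory with
# no index file is then refused instead of showing every file.
Options -Indexes

# HTTP Basic authentication. The browser sends the username and
# password base64-encoded, not encrypted, with each request, so the
# protected directory should only be reachable over HTTPS.
AuthType Basic

# Text shown in the browser's login prompt.
AuthName "Private Area"

# Location of the password file. Keep it outside the web root so it
# can never be requested through a URL.
AuthUserFile /home/example/.htpasswd

# Any user listed in the password file may log in.
Require valid-user

# The .htpasswd file itself is created with Apache's htpasswd tool, e.g.
#   htpasswd -c -B /home/example/.htpasswd alice
# (-c creates the file, -B stores a bcrypt hash of the password).
# Omit -c when adding further users, or the file is overwritten.
```

If the server answers with a 500 error after the file is uploaded, the host most likely does not allow these overrides, which is the situation the cPanel method below addresses.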
Protect Your Directories with cPanel
Depending on how .htaccess is used, the file can also slow down the performance of a web server. This has caused many hosts to ban or limit a user’s control of the .htaccess file. In this instance, you can then turn to your host’s cPanel to password protect the site and its directories.
Simply follow the directions below to get started:
• On the main screen of your cPanel interface, click the icon above “Password Protect Directories”. This will allow you to enter the “Directory Access Menu”.
• Click on the icon of the directory you want to protect.
• In the next window, click the box beside the icon and set up a password for the directory.
• Right beside “Protected Resource Name”, enter the name you want to appear in the login menu for that directory.
• Beside “Username”, enter the name of the user who will be granted permission to that directory.
• Beside “Password”, enter a password for that user and click the “Add/Modify Authorized User” tab.
Securing directories is a large step towards protecting your content; one you will certainly appreciate in the end. When it is time to host your website, these two services will provide the security you need. www.dot5hosting.com offers many great features, including the ability to override with the htaccess file. www.dotster.com is another quality service that comes included with a control panel that allows you to easily protect directories.