MyBestRatedWebHosting's MBRW Second Semi-Annual 2011 Hosting Award has been officially announced! Save yourself time and money by reading our detailed review and learn who received the final award of the industry's best web host!

MyBestRatedWebhosting.com

Protecting your Directories

protecting directory

Does your site have any web pages that contain survey results, sensitive documents or a control panel? Or maybe there is just an image gallery that holds private family photos. In either instance, you will need to secure these directories to prevent hackers and unauthorized individuals from accessing these areas of the site.

Many web hosts operate on Apache servers, such as a Linux or Windows platform. One of the most efficient ways to protect directories found on an Apache server is to create a web-based user authorization system – this is done by using the .htaccess file.

.htaccess is a scheme that works on a username/password basis when a particular directory or page is requested. .htaccess secures it by setting up the username and password in plain text, similar to an FTP or Telnet session.

Protecting a directory on your website with .htaccess calls for you to create two files: .htacess and .htpasswd.

.htaccess: This file is responsible for storing a list of preferences and information pertinent to authorization of the current directory.

.htpasswd: This file is responsible for storing a list of encrypted username and password information that are in use with the server and .htaccess to permit or deny access. Permission is typically granted by the server on a per session basis. This allows the user to access the site without entering a username and password for every request to a web page.

How .htaccess Protects Your Directories

Here is something you should know about a web host: nearly all web servers have been configured to automatically locate index files in every directory of a website. A web host may implement a global configuration system that permits the listing of all files in a directory. If your site contains a cgi-bin directory and the web server enables directory browsing, the website may be at the risk of a serious security issue. An experienced hacker can gain access to every file in your cgi-bin by merely entering it as an extension of the URL. Here is an example:
(www.yoursite.com/cgi-bin/)

Even though many hosting companies use global configuration for directory listing, most of
them also permit the use of the .htaccess file to override these settings. Correctly placing an .htaccess file in your root directory can protect the entire website.

Protect Your Directories with cPanel

Depending on how .htaccess is used, the file can also slow down the performance of a web server. This has caused many hosts to ban or limit a user’s control of the .htaccess file. In this instance, you can then turn to your host’s cPanel to password protect the site and its directories.
Simply follow the directions below to get started:

• On the main screen of your cPanel interface, click the icon above “Password Protect Directories”. This will allow you to enter the “Directory Access Menu”.

• Click on the icon of the directory want to protect.

• In the next window, click the box beside the icon and setup a password for the directory.

• Right beside “Protected Resource Name”, enter the name you want to appear in the login menu for that directory.

• Beside “Username”, enter the name of the user who will be granted permission to that directory.

• Beside “Password”, enter a password for that user and click the “Add/Modify Authorized User” tab.

Securing directories is a large step towards protecting your content; one you will certainly appreciate in the end. When it is time to host your website, these two services will provide the security you need. www.dot5hosting.com offers many great features, including the ability to override with the htaccess file. www.dotster.com is another quality service that comes included with a control panel that allows you to easily protect directories.

See Hosting Comparison Chart

See Top 10 Web Hosting

Visit Dot5 Hosting Official Site

Visit Dotster Hosting Official Site

Related Articles

  • Routt County: Government Site Hacked, Personal and Sensitive Information Safe
  • Hackers Bring Fairfield School District Website to a Halt
  • What is a DDoS Attack?
  • Website Security – What Protection Does Your Web Hosting Company Offer?
  • Shared Web Hosting Security Concerns – How to be Prepared
  • Be Sociable, Share!
    « »
    7th February 2008
    Posted by Web Hosting Consultant in Best Web Hosting Tips

    Submit your Review