Department of Computer Science and Statistics

President's Message Map and Directions Admission Faculty and Staff URI Info Bank Campus Master Plan

Kingston Campus Feinstein Providence Campus Narragansett Bay Campus W. Alton Jones Campus

Colleges, Schools, Majors, and Departments Course Schedules and Catalog Graduate School Summer Program Academic Calendars and Exam Schedules Enrollment Services

Division of Research and Economic Development Outreach Programs Graduate School University Libraries Marine and Environmental Programs

Team Sports at GoRhody.com Recreation Ryan Center

Events Calendar News Releases The Good 5¢ Cigar inAdvance@URI QUADangles

HowTo: .htaccess

Filed under: Technical References

Posted: March 7, 2009

When you are creating or expanding your webspace under pubic_html, an .htaccess file might provide some additional flexibility and functionality, such as requiring a password for a certain directory or enabling CGI programs in one directory while disabling them in others.

General Instructions

First off, it is worth clarifying a potentially confusing notion. .htaccess is not a type of file extension; it is the file. When you are authoring your .htaccess file under Notepad (if you are a Windows user), then make sure that you save the file as “.htaccess”, verbatim.

When you insert a .htaccess file to a directory, that directory and all of its subdirectories will be affected. However, if there is an .htaccess in a subdirectory of a directory that has a .htaccess file in the first place, then the subdirectory’s file will override the one found higher up the directory tree.

Example: Authentication

If you wish to password protect a directory (say, public_html/priv), start up Notepad (if you’re in Windows) or nano (if you’re in Linux and don’t know vim). Enter in the following information:

AuthName “Authenticated Directory”
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user

AuthName “foo” is just the title of the section of your webspace that you are password-protecting. AuthUserFile should be the full path to your password file (which we’ll get to in just a moment) in Linux format. So, if you are an undergraduate and your username was “jdoe”, then the full path to your home directory would be “/home/ugrad/jdoe”.

Now you need to create a password file called .htpasswd. You can create this .htpasswd file via apache’s htpasswd2 program. To do this, change to the directory in which you want to create the .htpasswd file. Next enter the command as follows:

htpasswd2 -c .htpasswd jdoe

assuming that you are creating a user called jdoe. Since the file does not exist we must use the -c to tell the program to create this file.

Warning: If you use -c when there is already a file there, it will remove the .htpasswd file you have and create a new one. If you want to add a user to the file remove the -c from the previous command.

After you enter this command, you will be prompted to enter a password for the user. Lets assume we entered the password “mypasswordstinksbecauseitsmadeupofwords”. Now when we look at the contents of the file we see that it contains the following line:

jdoe:6IEGX/R6pNXt2

Now if anyone happens to find a way to open that file, they still do not know the password you are using.