KB / Account Control Panel / Goodies :: Htaccess / WebDAV

From DreamHost

From here you can password protect, block "hotlinking", and/or enable WebDAV for directories within your website!

Remember, this is all for DIRECTORIES and not individual files!

Contents 1 Parent Article 2 Sub-Articles 3 Password-Protecting Directories 4 "Link Protection" 5 Using shell commands to password protect directories

Parent Article

• KB / Account Control Panel

Sub-Articles

• KB / Account Control Panel / Goodies :: Htaccess / WebDAV / WebDAV

Password-Protecting Directories

You can set up a password-protected directory (it doesn't work for individual files, only directories!) through the "Goodies > Htaccess / WebDAV" area of our Web Panel. Here's how:

1. If you have more than one domain with us, click on the domain you'd like to protect a directory under.
2. Click on "Configure a new directory" (or "Add Another" if you already have one).
3. On the next page:
   • Enter the directory you'd like to protect (leave it blank to protect the entire domain.)
   • Enter the name you'd like to call this area (this will appear in the pop-up window asking for your password).
   • Enter a list of all the valid usernames and passwords, each pair on the same line separated by a space, one pair per line, for this password-protected directory.
   • (optionally set up WebDAV and/or "Link Protection")
   • Click the button!
4. Within five minutes that directory on your site will be protected!

You can also accomplish the same thing with shell commands.

After password-protecting your directory, you can also customize the error message users receive when they enter the wrong username and password.

"Link Protection"

From this area you can also set up "link protection".. which is a way to not allow access to files in a directory based on where they're linked from.

The purpose of this is to stop "bandwidth theft", I.E. somebody including images or media hosted from your site inside their web page! Of course, anybody could still download your files from your own site and then upload them to their site, but then at least when people visit their site they'll be using THEIR bandwidth and not YOURS!

To enable "Link Protection", just check off the Forbid linking to files in this dir? checkbox. Then, you can specify the specific file extensions you'd like to block (or leave it blank for ALL files). Finally, you can allow certain domains the ability to still link to those files if you'd like. By default, your own domain is of course included!

Anybody trying to link directly to files you've set up link protection for will then get redirected to your custom 403 "forbidden" page (http://www.yoursite.com/forbidden.html)!

Using shell commands to password protect directories

If you don't have shell access turned on, you can still set up password protection using the Account Control Panel. If you do have telnet access turned on, you have the option to use to do the exact same thing using shell commands.

1. First, create a text file named .htaccess in the directory which you want to limit access. This file should contain the following lines: (Replace username with your username).
   

   AuthType Basic

   AuthUserFile /home/username/pass

   AuthName "Members Area"

   require valid-user

2. Next, create the password file and add your first user. In this case we've set your password file to be in your main login directory. Replace user with whatever username you wish to add. /usr/bin/htpasswd -c ~/pass user
3. You will be prompted to enter the user's password and then re-enter it for confirmation.
4. To add additional users, use the same command as above but without the '-c'. If you do use the -c option your existing password file will be over-written and you will lose any existing users you have created, so make sure you type it in correctly. For example: /usr/bin/htpasswd ~/pass user
5. Edit your password file, and remove users by removing one user per line. You can do this using your own text editor, but we have also made one available that you can use from a command on the server. pico ~/pass

You can can put a file in your main web directory called 'failed_auth.html' and it will be displayed if people enter an invalid username/password combo.

You can remove password protection from a directory entirely by opening up the directory in question and typing in the following command:

rm .htaccess

Note that all files beginning with a '.' are hidden by default when FTPing or viewing a directory listing - even if the file exists in that location.

Note that if FTP access is also enabled, you may want to consider ACL by means of a suitable .ftpaccess as well - DH seems using proftpd, so check ACL section on proftpd's guide.

After password-protecting your directory, you can also customize the error message users receive when they enter the wrong username and password. Read how to here.