Keeping your site (or portions of it) private.
How do I password protect a site managed by Big Medium? How about just a section of it?
Big Medium does not itself offer password protection or a gated subscriber area for the sites that it generates, but you can configure your web server to do this for you, outside of Big Medium.
In a nutshell, you create username/password combinations on your server and tell the web server to allow access to certain directories only for approved users.
If you want to password-protect your entire site, you would apply this authorization requirement to the top directory of your site. If you want to password-protect just one section of your site, you would set the requirement only for the directory that holds that section's web pages. So, if you have a members-only section of your site located here:
http://www.example.com/private/
...then you would instruct your web server to check for authorized users only on the directory named private.
If you're running Big Medium in a hosted web account, your hosting provider may provide you with a control panel interface to manage your account. These control panels frequently provide a tool for setting up accounts and protecting directories. Check with your hosting company for details.
If you're hosting your own server, or if your hosting company does not provide an interface for protecting directories, you can configure the server to do this directly. A recipe for doing this for Apache servers is included below, but it does require command-line access to the server.
If you don't have command-line access to the server, check with your hosting company to see if they can help you to set up password protection on your site's directories.
.htaccess file
Most Apache servers are configured to allow you to place mini-configuration
files in individual directories of your site to set specific preferences
for that directory and all of its subdirectories. This file is named
.htaccess, and this recipe will use it to require password permission for
a directory in your site.
The following instructions will restrict who is able to view (GET) files from the directory and send (POST) forms into the directory.
Open a text editor like Notepad or BBEdit.
Use the following text as a guideline, changing /my/password/directory
to be the absolute path of the directory where you would like to store your
authentication user names and passwords.
AuthUserFile /my/password/directory/.htpasswd
AuthGroupFile /dev/null
AuthName "Private directory"
AuthType Basic
# Require a valid login for every request (GET, POST and all other methods)
Require valid-user
Note: The absolute path to the .htpasswd file is very important. If
unsure about this path, ask your hosting provider or, from the server's
command line, go to the directory where you would like to keep your user
names and passwords, and type pwd at the shell prompt to display the
directory path.
Save this file as .htaccess, and place it inside the
directory that you would like to protect on the server (or, if a file
named .htaccess already exists in that directory, add the text from your
new file to the existing file).
.htpasswd file
The .htpasswd file will contain the user names and passwords of the folks
you want to give access to the directory and its subdirectories. In order to
create this file, you have to SSH or telnet to your server's command line.
After connecting to the server, use the cd command to navigate to the directory
you specified in your AuthUserFile (in the example, we used the directory
/my/password/directory).
cd /my/password/directory
To create the .htpasswd file and add the user name "username" to the list of
authorized users, type:
htpasswd -c .htpasswd username
The program will prompt you for a password and then ask you to verify it.
To add additional users (if any), use the same command without the -c switch.
For example, to add the user "seconduser," type:
htpasswd .htpasswd seconduser
Note: To delete users, open the .htpasswd file and delete the row(s)
associated with the specific user(s) that you want to remove.
The change takes effect immediately. After adding an account to the
.htpasswd list, that person will immediately be allowed access to your
password-protected directory when they provide their username and password.
Open your browser and type the URL and path to the directory where you placed the .htaccess file. For example, if you placed the .htaccess file in a subdirectory called "private" that is contained within your web directory, then you would type:
http://www.example.com/private/
If you were successful, you should get a dialog box prompting you for a user name and password.
A common problem is that there is a mistake in the absolute path to the
.htpasswd file. To be certain that you are using the correct absolute path, follow
these steps:
Connect to the shell command line of your server.
Use the change directory command cd to access the directory where your
.htpasswd file is located.
Use the list files command to be sure your .htpasswd file is present:
ls -la
Type pwd to display the absolute path to your .htpasswd file. This
path should be identical to the path you selected in Step 1 (in the
example, we used /my/password/directory).
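The path check above can be scripted. The following shell function is an added example, not part of the original recipe, and the name check_htaccess is hypothetical. It reads AuthUserFile from a .htaccess file, confirms the path is absolute and points at an existing file with at least one user entry, and confirms a Require directive is present, since Apache only prompts for credentials when one applies.

```shell
#!/bin/sh
# Added example, not from the original page. check_htaccess is a hypothetical
# helper name; pass it the path of the .htaccess file you created.

check_htaccess() {
    htaccess=$1
    rc=0
    if [ ! -r "$htaccess" ]; then
        echo "FAIL: cannot read $htaccess"
        return 1
    fi

    # Extract the AuthUserFile argument (directive names are case-insensitive;
    # surrounding double quotes are stripped).
    userfile=$(awk 'tolower($1) == "authuserfile" {
        sub(/^[ \t]*[^ \t]+[ \t]+/, ""); gsub(/^"|"[ \t]*$/, ""); print; exit
    }' "$htaccess")
    if [ -z "$userfile" ]; then
        echo "FAIL: no AuthUserFile directive found"; return 1
    fi

    # The recipe depends on this being an absolute path.
    case $userfile in
        /*) echo "ok:   AuthUserFile is an absolute path: $userfile" ;;
        *)  echo "FAIL: AuthUserFile is not an absolute path: $userfile"; rc=1 ;;
    esac

    if [ ! -f "$userfile" ]; then
        echo "FAIL: password file does not exist: $userfile"; rc=1
    elif ! grep -q '^[^:#][^:]*:.' "$userfile"; then
        echo "FAIL: no user:hash entries in $userfile"; rc=1
    else
        echo "ok:   password file exists and lists at least one user"
    fi

    # Without a Require directive Apache never asks for credentials.
    if grep -qi '^[[:space:]]*require[[:space:]]' "$htaccess"; then
        echo "ok:   Require directive present"
    else
        echo "FAIL: no Require directive (e.g. Require valid-user)"; rc=1
    fi
    return $rc
}

# When run as a script: sh thisfile.sh /path/to/protected/.htaccess
if [ $# -gt 0 ]; then check_htaccess "$1"; fi
```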
Another common mistake is misconfiguration of the Apache config file. Contact
your hosting company to verify that they allow their users to use
.htaccess authentication.
If you host your own server, open your Apache config file, and make sure the
AllowOverride option is set to "All":
AllowOverride All