I would like to password protect a certain file / directory. Last time I posted a beta of my program for my three testers to DL, I had a fourth DL from a different domain, and this guy hit all of my pages, and got a couple of 404's - he obviously figured out my temp directory, and I forgot to put in a blank index page, so he downloaded it (don't you love the stats?).

Point is, I want to password protect it this time and just give my 3 beta testers a password, and I don't have telnet or the time to learn it just yet (soon, but not now). I already did the .htaccess thing for the error doc, and it works, I just need to know what exactly goes where. I don't really care if it's the same PW for all three, and I am not concerned with high security, just avoiding a pre-release version of my program from being downloaded and posted elsewhere, or even just used without my permission. It may scare this guy away next time.

Is there somewhere to read documentation on the exact format of the .htaccess file? I know the CR LF and ASCII upload rules, I just don't know what to put in it.

Thanks in advance for the help.

Justin

------------------
Justin Nelson, SFE Inc.
http://www.vdj.net

Hey Justin,

You can follow the same directions in the server FAQ forum for this..... skip the first part and start at by making a file named .htaccess ...

(you are now inside of the .htaccess file)
Type in it same as the directions say to and upload it in ASCII etc to the directory you are protecting.

That should do it for it starters....

Deb

Ok, sorry to bug you again http://www.aota.net/ubb/smile.gif but I'm about 3/4 the way there. I have the .htaccess file there, and it asks for a password. A also have the /big/dom/xvdj/.password/.protect file. You explained in the other forum how to create this file, etc., but not what it would look like in a text editor. I tried both user and password on the same line, separate lines, typing password twice, all kinds of variations. If I put only a username in the .protect file, I can accesss the directory with only a username, no password, so I know I'm almost there. If I put anything else in the file, no access period.

Also, curiously, does it have to be .password/.protect, or can I name the dir/file any way I like as long as it's reflected in the .htaccess file?

It's not important, since I should just get a telnet program and do it right, but I'm more familiar with ftp personally. I figured out how to change attributes, etc., with Cute ftp, and so far it's been indespensible.

Anyway, thanks for the help. Like I said, it's just to keep people from browsing my files, which a blank index file will do (although I've heard that there's a way around that, too, but I don't know).

http://www.aota.net/ubb/smile.gifJustin

------------------
Justin Nelson, SFE Inc.
http://www.vdj.net

Ok, nevermind. Microsoft puts so much crap into windows, you'd think that they would tell you about it. I looked in the windows directory, and guess what I found? TELNET.EXE. Hmmm. I thought to check because I found tracert and other stuff in there. Why in the heck do they keep this stuff secret?

Anyway, I got the password thing working great. I still prefer using Notepad for the .htaccess part, but the .protect is slightly encrypted. Nothing I couldn't figure out if I needed to, but I'll just do the telnet thing. It's pretty neat.

Thanks for the advice, though.

Justin

Seek and ye shall find!!! http://www.aota.net/ubb/smile.gif

------------------
Justin Nelson, SFE Inc.
http://www.vdj.net

LOL Yes, that is one of their hidden secrets...

If you want to use the Windows Telnet next time just hit START then RUN and type 'telnet'

it'll pop right up http://www.aota.net/ubb/smile.gif

Deb

Ok, I have one more question about password protecting directories http://www.aota.net/ubb/smile.gif Now that it works, can I use a custom "Not authorized" page? I'm sure that this is possible, and I'd like to have a "Beta Testers" link, and if you're not authorized, you would get a page telling you how to sign up for beta testing.

Of course, I could set up a page that explains this, and place a link on that page to the actual "secret" page, hmm.. Ok, that will work for now. What about using a form on a web page to access this content? How do I do that (if possible)? That would look nicer than the input box popping up.

Any ideas? (I can't seem to stop coming up with more silly ideas and questions!)

Justin

For every question, there's an answer. For every answer, there's a thousand questions (I'm sure that's a famous quote or something, but if not, then you can quote me http://www.aota.net/ubb/smile.gif

------------------
Justin Nelson, SFE Inc.
http://www.vdj.net

it's a conspiracey - so some guys can make more $$ off selling people an overpriced book and/or software about all the secrets to Windows (it's probably Bill gates under a pseudonym too hahaha!)

thats my theory http://www.aota.net/ubb/smile.gif



------------------
Lea
Massachusetts Rabbit Rescue
www.RabbitRescue.org (http://www.RabbitRescue.org)
LJ Massey & Co.
http://www.massey.i-p-d.com/index.shtml

I have to agree there. I found a dos ftp client in there, program manager, file manager, ping, tracert, telnet, a command line Java viewer, among other executables, all undocumented. It's crazy.

You gave me an idea, though. I could write a program that is a front end for all of these things, with a nice graphical interface. I could be the one making $$$ with overpriced software!!!

Just kidding http://www.aota.net/ubb/smile.gif

Justin


------------------
Justin Nelson, SFE Inc.
http://www.vdj.net

There is a great CGI script called "Guardian" from:
http://www.xav.com/scripts/guardian/index.html

It allows not only customized "404" pages but will catch other errors like "401", "403", CGI script errors and attempts to enter "secure" directories.

One nice feature is you can receive an email each time an error occurs. This can be a nightmare also so use with caution. I have disabled it on mine.

It is small and fairly easy to install. It would also be easy to redirect output to any kind of page, be it HTML SHTML CGI etc.
http://www.aota.net/ubb/Forum2/HTML/000028.html

The error code for not authorized is the 401

Sounds like you may want to check out this lil program (I know I plan to http://www.aota.net/ubb/biggrin.gif )

Deb

I am very forgetful - that was in response to another of my own questions - I guess I didn't register the rest. At the time I was concentrating on the 404 part, and now that that's done and working great, I didn't think about it.

I think I have a very short atten - what was I saying? Where am I? I forgot. Oh, well, I'm going to go now, since I forgot why I'm here.

My mind is wandering all over the place today. Must be the cheap cigarettes and coffee http://www.aota.net/ubb/smile.gif

Justin

------------------
Justin Nelson, SFE Inc.
http://www.vdj.net

LOL!

Ditto http://www.aota.net/ubb/smile.gif

Deb