NetGate Internet Products and Services 1-877-715-4927
 
Access Control for your Web Site

NetGate provides access control functionality with all hosting accounts. Access control features let you control who can gain access to all or any subset of your site.

Please note that we do support using host names or domain names with any of the access control directives. We do support using IP addresses and IP address ranges.

Setting up a typical password-protected access control situation, where you assign a password or passwords to your site, is a fairly easy two-step process.

Step 1 - Create the password file using the UNIX htpasswd program.
Step 2 - Install a ".htaccess" file into the section of the site you want to protect

Example Site Set Up

Use your favorite telnet application to log in to the host where your account resides.

  1. Create the password file.
  2. Select a location for your password file. Anywhere is fine but we recommend that you put it at the root level of your directory. For this example we'll create a new directory named "security".
  3. Type "mkdir security".
  4. Type "cd security" to change directories to the new directory.
  5. Type "htpasswd -c htpasswd joe". This creates a new password file named "htpasswd" in the current directory and adds the user "joe" to the file. You will then be prompted for joe's password; type it in and you're done.
  6. Create the ".htaccess" file. The ".htaccess" file controls who can access the site. In this example let's say we had a directory under our www (main web site directory) named "protected" that we wanted to protect.
  7. Type "cd ~/www/protected" (to get to the protected directory).
  8. Use your favorite editor to create the ".htaccess" file. This can be one of the UNIX editors (vi, pico, etc.) or you can create the file on your local system and use ftp to transfer it to this directory. The file needs to contain the following information:

    AuthUserFile /u1/vphome/username/security/htpasswd
    AuthName ByPasswd
    AuthType Basic

    <Limit GET>
    require valid-user
    </Limit>

Note: the text following "AuthUserFile" is the path to the "htpasswd" file and will vary depending on your account type and how you choose to set things up. You may change the "ByPasswd" to something more descriptive. But leave the "valid-user" string alone.

You're done! You have now protected all of the pages in and under the "protected" directory. At this point the only user allowed to access the pages is "joe".
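
Apache applies directives placed inside "<Limit GET>" only to GET and HEAD requests, so the "require valid-user" line in the file above does not cover other methods such as POST. The check below is an added example, not part of the original NetGate page; the method list and the function name `unprotected_methods` are assumptions chosen for illustration, and it compares the page's file with the same file written without the `<Limit>` wrapper.

```python
import re

# Methods checked here (a constructed list; Apache accepts others as well).
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}

# The page's .htaccess, and the same file with the <Limit> wrapper removed.
PAGE_CONFIG = """\
AuthUserFile /u1/vphome/username/security/htpasswd
AuthName ByPasswd
AuthType Basic

<Limit GET>
require valid-user
</Limit>
"""
UNWRAPPED_CONFIG = """\
AuthUserFile /u1/vphome/username/security/htpasswd
AuthName ByPasswd
AuthType Basic
require valid-user
"""

def unprotected_methods(htaccess_text):
    """Return, sorted, the methods that no 'require' directive applies to."""
    covered = set()
    scope = METHODS  # methods the current context applies to
    for raw in htaccess_text.splitlines():
        line = raw.strip()
        opening = re.match(r"<(Limit|LimitExcept)\s+([^>]+)>$", line, re.I)
        if opening:
            listed = {m.upper() for m in opening.group(2).split()}
            if "GET" in listed:
                listed.add("HEAD")  # Apache treats HEAD as GET in <Limit>
            limit_form = opening.group(1).lower() == "limit"
            scope = listed if limit_form else METHODS - listed
        elif re.match(r"</Limit(Except)?>$", line, re.I):
            scope = METHODS  # back to top level: all methods
        elif re.match(r"require\s+\S", line, re.I):
            covered |= scope
    return sorted(METHODS - covered)

if __name__ == "__main__":
    print("page config leaves open:", unprotected_methods(PAGE_CONFIG))
    print("unwrapped config leaves open:", unprotected_methods(UNWRAPPED_CONFIG))
```

Run it against each ".htaccess" file in a protected directory; an empty list means the "require" line applies to every method checked.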

Adding Additional Users To Your Password File

To add additional users to your password file all you need to do is the following:

  1. Type "cd ~/security", to change your current directory to the directory where the "htpasswd" file exists.
  2. Type "htpasswd htpasswd kevin" to add the user "kevin" to your password file. Do the same for any additional users you want to allow into your site.

Deleting Users From Your Password File

To delete a user from your password file follow these steps:

  1. Type "cd ~/security", to change your current directory to the directory where the "htpasswd" file exists.
  2. Use your favorite editor to edit the "htpasswd" file. Delete the line containing the user you no longer wish to have access to your site.

More Information

Apache Server Specific Access Control Information

Access Module
Error Control
NCSA Compatibility Notes

Customized Error Reply (NCSA OnDeny Directive)

The Apache server doesn't support the "OnDeny" directive in the ".htaccess" file, and it is stricter about the overall format of the access directives. For more information please see the Apache documentation related to access control.

You can get the same functionality as provided by the NCSA "OnDeny" directive using the "ErrorDocument" directive, but the referenced document cannot live inside the protected area. For an example see the included ".htaccess" file below. For more information please see the Apache documentation related to error control.

.htaccess file example

    ErrorDocument 403 http://www.netgate.net

    order allow,deny
    deny from 209.123.245.0/255.255.255.0 208.123.212.5
    allow from all

This example denies access from any host with an IP address in the 209.123.245.x range and from the host with the IP address 208.123.212.5. If a host with one of these IP addresses attempts to access the restricted area, it receives a "403" error and is redirected to the NetGate homepage.

NCSA Access Control

Even though we're now running the Apache server, NCSA has some excellent information available concerning setting up access control. Unfortunately not all of it is applicable to the Apache server but it's still a good place to start and 95% of the information still applies.