FreewayTalk

Maarten Bos

25 May 2021, 9:04 am

[Pro] password protected areas

I am still working satisfactorily with Freeway Pro 7.1.4 I want to secure a folder on my website. This contains files (PDFs) that visitors can download after entering a password and login code. How can I easily get this done and tell me in more detail how the above protection can be achieved?

David Ledger

25 May 2021, 10:39 am

On 5/25/21 10:04 AM, Maarten Bos wrote:

I am still working satisfactorily with Freeway Pro 7.1.4 I want to secure a folder on my website. This contains files (PDFs) that visitors can download after entering a password and login code. How can I easily get this done and tell me in more detail how the above protection can be achieved?

Just done this for a second site. (Did it years ago on another one).

You have to add (or modify if one is already there) a file called .htaccess to the highest level folder that you want to protect and also add a file containing usernames and encrypted passwords. Everything in and below that folder with the .htaccess file will be protected. You also need to have certain things configured ith the webserver configuration file. Unless you have full root login access to the server you will have to get the ISP to do that, so the first thing is to talk to them about it. They may have some built-in way to do the whole thing.

Apart from the configuration aspect it can all be done using secure FTP. I don’t know how easy it is to do with Freeway alone.

The complications are: 1. Generating the password file. This is traditionally called .htpassword and was traditionally placed next to (in the same folder as) the .htaccess file, relying on a rule in the .htaccess file to prevent it from being seen. Now it is recommended that it is kept outside the area that the webserver serves, which your ISP may or may not give you access to. The format of the .htpassword file is very specific and server dependent. 2. Managing the passwords. You need to have a way for users to change their own passwords and for you to add and delete users. Your ISP may have a way to do this. I have my own written in PHP but they need more exercise before I would trust them enough to let them out.

If your server runs Apache there are tutorials at https://httpd.apache.org/docs/current/ I’ve never used nginx.