ext_52993 ([identity profile] trythil.livejournal.com) wrote in [community profile] vidding_livejournal_ark2 2006-06-14 04:58 pm (UTC)

.htaccess files allow configuration on a per-directory basis on a Web server. They're used primarily on Apache Web servers; Microsoft IIS does not support .htaccess files, but has similar mechanisms. (I don't know what IIS has, though; contact your sysadmin if you're in that situation.)

To use .htaccess, the server configuration must allow both .htaccess for the directory in which you want to use the .htaccess file and the directives that you want to use. Not all servers allow such modifications; contact your sysadmin.

Basic authentication (and I mean basic) can be set up by providing a .htaccess file that looks like this:

AuthType Basic
AuthName "Authorization Prompt Title"
AuthUserFile /var/www/passwords/passwd
# Without a Require directive Apache does not enforce the login
Require valid-user


Usage of this method requires access to the Apache htpasswd utility (which usually requires some sort of remote shell access to your Web service provider) or equivalent front-end. If you use such a front-end, it should give you the information you need to properly fill in AuthUserFile.

There are many ways to get more fine-grained control. The Apache basic authentication mechanism is modelled off the traditional UNIX authentication mechanism, so you can do stuff like allow access to only certain users or groups of users.[0]

Note that the password you send is sent as cleartext. So if you're worried about packet-sniffing, then this isn't the right method; you will want to go further and add better authentication and encryption mechanisms, such as what is provided by MD5-digest authentication[1] or https.

Again, this applies only to Apache servers. Other servers have their own means of implementing and managing authentication; read their documentation, or ask the sysadmin to do it. (Even on Apache servers, it's considered to be good practice to ask the sysadmin to do it and only use .htaccess files when absolutely necessary[2]).



[0] http://httpd.apache.org/docs/2.0/howto/auth.html

[1] http://httpd.apache.org/docs/2.0/mod/mod_auth_digest.html

[2] http://httpd.apache.org/docs/2.0/howto/htaccess.html#when
