Password Protection

[hidden]

I posted this here but thought since it is in a CSB area it might should go here instead?? Sam?? lol

http://samisite.com/forum/index.php?topic=106.0

Here is what I wrote: I am looking around trying to figure out exactly which type of access file to add to a folder to password protect it. I am working on the private association site mentioned in another post and am building it on software that allows me to password protect each page but I don't think this is what I want to put people through once they are in the site. In this case I wish to have a public opening page and then hide the remainder of the site behind a password so that they can navigate there without having to reenter passwords for each page.. - The forum will be a separate area so it is not included in this situation. I wish it to be one password for all but to not allow back tracking to pages IE it would log people out once they visit so that if someone else sits down at the computer they can not back track to the protected area. I was told I need to load an httaccess file in the www folder - or what ever folder I load those pages into at the particular host I am using. The host I usually use makes this so easy, you just click the folder you want to protect and indicate to password protect it - the type of restrictions you want and then set the password. So I have little experience with this. I have been searching information on the coding needed and find an array of confusing listings. If anyone could get me going in the right direction it would be very appreciated.

Thanks for any help.

[hidden]

I have progressed from looking at how to add an htaccess file - even though it is probably simple enough if people could just make it more clearer in their description of how to do it. That description I haven't found yet and I still leave every page scratching my head         

Now I am looking at the software that allows password protection and adds site encryption. Although on a few really high tech geek sites ( love those sites lol ) I found some mentions of how easy to unencrypt some of the top contenders algorithms really were. I think like what Sammy called another form of password protection, that just about anything we do is just a "speed bump" at least for some people. Obviously serious hackers can probably break in or figure out anything they put their minds to.

Some other benefits of the programs that might help on all of my web sites are - prevention of caching - some do image slicing - they hide pay pal referral button URLs if you have those and email addresses, prevent harvesting and downloading and of course view source is scrambled. Many of them also give you the password protect a folder or a file option. I still haven't found the exact answer to my problem but I am on the trail. Still - just because I feel challenged now - if anyone can refer me to a page that easily describes how to set up htaccess it would be appreciated or if there are comments on web site protection software - I'm all ears.

[hidden]

Wanda, this is the best tutorial I found on htaccess topic.  This tutorial is written for newbies and non-geeks so I found it easy to step by step through the process.

Read the beginning (where I am sending you) then go to the third page for password protection.

The file is made in NOTEPAD, and saved as the name:    .htaccess
Then ftp to your website in ASCII mode, not binary (all ftp software has a mode switch, just turn it off AUTO to ASCII to upload this file).

NOTE:   If you are using cPanel for your webmaster interface, you don't have to do this!!!  Use WEB PROTECT available in cPanel.  Then cPanel will write and maintain your .htaccess file for you!  In Web Protect, you assign a user name, and a password to a folder.

[hidden]

ohhh thanks Sam - I will take a closer look later on. If only I had C panel I wouldn't be looking into this. This site is going on the elcheapo GoDaddy site because the site owner's approval was for up to 100.00 in cost to set up and host the site. At least I am somewhat familiar with them .. I will take another look around to see if I can find a decent site that has Cpanel for the same cost. That cost includes the registration of the name. Heck if I find one close to it, I may out of pocket that expense just to save time. We will see. I am steadily working on the site and researching the protection options all at once. Being this is intended to be a completely private site with some privacy concerns I need to do the best I can to secure it. The encryption software I am looking at may come in handy for my main web site and is a big reason I am considering it. I can't find much on how these programs might slow down a load and that remains a concern. Thanks again! I will give it a go. Just to be able to fully understand it to the point I could follow instructions if I want to will be a relief! lol

I came in to look for the script that I think I remember was given here to tell spiders and search engines not to look at a page .. or a directory.. now where was that..  I will search it out hopefully I will come across it.

[hidden]

1) Of course I will mention cheap host with cpanel: totalchoicehosting where this site is located, $44/yr for 700mb, 20gb transfer plus domain name. So for under $60/yr you get cpanel, email addys, sql, protection and more... There are other low choices I could mention for accounts that I have worked on but I mention TCH first.

2) You may be speaking of a robots.txt file and robots meta tags.
I have mentioned the robots.txt file on my search engine page. And go into the robots Meta tags on this page.  They work together.   GOOGLE discusses robots.txt file in depth here.

You can not make ALL pages password protected.  You can make an intro page with a link to ENTER the site.  That link would lead to a password protected folder.  All pages in that folder could be secure behind the password.

[hidden]

Thanks for the suggestion Sam! But with possibly thousands of pages of documents and images to load, I am not sure that any of the storage/transfer offered for that price can compare. Here is godaddy's 3.99 a month plan:

Plan Features
• 5 GB Space
• 250 GB Transfer
• 500 Email Accounts
• FREE! Software
• 10 MySQL Databases
• 50 Email Forwards
• Forums, Blogging, Photos
• Metropolis Hosting Community
• $25 Microsoft® adCenter Credit†   

The only thing they are missing is a C-Panel and instant password protection. Their free software includes things like the SMF forum and other typical programs found in Fantastico offerings. I still say their control area is the most confounding-est I have ever come across. I love how they always try to tell me its better than C-Panel and other sites. Ahahaha - they have no idea who they are talking to.. not that I am the worlds greatest expert by any means - but I have had enough experience to know if something is difficult to navigate and operate or not for sure. I am still looking for comparable hosts at a similar price point.

Some of the software I am looking at says that you can password protect an entire web site. Here is one. http://www.aevita.com/web/lock/ Actually I found several mentions when I was looking for htaccess information that placing the file in the root directory will protect an entire site. I would rather protect the entire site if I can. So in this case I am not sure about what you mentioned above.


I found and entered the meta tag no index no follow in my headers and am considering also adding another robot exclusion file I found mentioned that appears to be similar to an htaccess file in that you place in the folder you want to exclude. I say this not having reference your links yet. I will do that now.

Thanks again, as always your da bestest!!!

 

[hidden]

To exclude all robots from the entire server I found this

User-agent: *
Disallow: /

Here: robotstxt.org/wc/exclusion-admin.html

This is what I want to do -- After I type this up on a notepad file do I need to save it as anything in particular??

Then FTP upload it to the root folder? I just read your tutorial given above I believe that is all it is saying.

PS your link at the bottom on that page is dead.

Sometimes its the simplest things that are left out of instructions that writers assume you know that really trip me up.  I say to those writers, ASSUME I KNOW NOTHING!

[hidden]

After I type this up on a notepad file do I need to save it as anything in particular??  Sometimes its the simplest things that are left out of instructions that writers assume you know that really trip me 

Wanda we weren't leaving anything out.  We told you the name of the file when we said: robots.txt file
And yes, upload it to the same location where your HOME PAGE for the website is.
It is a simple file, simply made.

Please note that all websites should have a robots.txt file.
This will help guide your spiders.
BUT you need to understand that LEGITIMATE spiders will use that file as an instruction where not to go and will behave.

But the robots.txt (no caps!) file can not prevent your site from being crawled!
BAD SPIDERS may go DIRECTLY to the areas you say stay away looking for goodies they can take.

PS your link at the bottom on that page is dead.

Which page, which link is dead? Did you send me a report of the error (from on my 404 page?)

[hidden]

Thanks again Sammy - At your page here: http://www.samisite.com/publish/spidersandrobots.htm The link from this statement under the Robot Text File Heading is dead "For more information about robot.txt files, take a look at this page." 

PS Sam - that htaccess page was the best! TYVM! I think I can do it now. What has come to my attention about it is that when you send the password information to a site it is not encrypted so the Spys could conceivably glean passwords in transmission. I haven't yet determined if using one of the encryption password softwares prevents that or not. I may have to actually write to them since none of them mention it - or much about some aspects of their programs for that matter. ( Such as how many bits of encryption they use ) This has been a very strange search for me. Usually I find lots of things written about software. For one thing most of them haven't been around that long. The one I found that has been was mentioned in a "super geek" site where it was discussed how easy it was to un-encrypt their code and that they highly exaggerated many of the features of their software. The only other thing that occurs to me is that maybe an SSL layer is what is needed on the site for sending password information. I believe it will encrypt all information that is sent back and forth and maybe a very good thing to have in a sensitive forum. Its new territory for me so I still have a lot to learn.

[hidden]

Glad you liked the htaccess file tutorial.  As I said, it was the best I have found on the issue.

Thanks for the link.  Will check it out and get it fixed!

[hidden]

Wanda, this is the best tutorial I found on htaccess topic.  This tutorial is written for newbies and non-geeks so I found it easy to step by step through the process.

At this address in relation to the above mentioned link javascriptkit.com/howto/htaccess8.shtml

I find this reference:
<Files .htaccess>
order allow,deny
deny from all
</Files>

What I don't understand exactly is .. do you merely type this at the top of the .htaccess file that you create?

I tell you this pass word protect thing is taking way way too much time and making me pull my hair out! I have investigated numerous softwares that do it and they want to charge an arm and a leg to get one site license .. grrr or they don't really do what I want them to do IE they password protect the front page but then by merely typing in anything you want to access you can skip the log in ... worthless!  Because obviously if I can figure out how to do this .htaccess thing I don't want any browsers to read the passwords.. I am still trying to figure out does it set session cookies so that once you enter a password you are good for the entire site? Or does it just work per page? 

Secondly and this might be a subject for another topic I don't know - but I have searched endlessly for information on SSL. I bought and installed an SSL layer to the site in question and then I find that by typing in the regular address and this one is made up such as http:// tinytots.org  or jut typing in tinytots.org will take you to all of the same files but not under the ssl layer because if you type in https:// tinytot.org then it tells you that you are being directed to a secure site etc .. so how the heck do I get the entire site behind that level?


HUGE NOTE FOR FUTURE READERS! I am so sorry I hosted on go daddy because with Cpanel I would have been done days ago. It is to the point I am thinking of out of pocketing the expense and moving the site! major frustrations and hours and hours of my time...

Any help on that .htaccess ? is appreciated

Thanks!

[hidden]

OK before you bother with that .... I have progressed after a call to godaddy --  ooops no no great people really lol  I found that I can not load the password files to a level above the home directory. The overall support there is kind of "If it isn't on a help page we can't help you." YET they offer a direct path to where the files go.. that can not be seen on my ftp program so maybe there is an ftp program that lets you indicate the path .. actually they were really non helpful other than referring me to their help pages .. where .. not having found that before I did determine that the code generator and information at the above link was not an exact match for what they require .. just for anyone with godaddy and this issue here are some relevant links to what I am referring to:

javascriptkit.com/howto/htaccess3.shtml
tools.dynamicdrive.com/password/   what comes up here is not the same as what is shown here:
help.godaddy.com/article.php?article_id=1641
and absolute path to my site is WHERE?? help.godaddy.com/article.php?article_id=58

OKOK BACK TO THE DRAWING BOARD

and on the SSL redirect .. I found this that I have not tried yet ... any comments if I am on the right track?

support.microsoft.com/kb/239875

and then this terrible jumbled mess of instructions.. good grief..
iisfaq.com/default.aspx?View=A407&P=20

EXCEPT THE SITE is not on a windows host but linux.. that may make a huge difference?

And here is what I have decided.. If I can not get the htaccess files working like I want by the end of the day tomorrow I am going to pay for one of those per site licensed softwares that protect folders and do other member things.. out of pocket - I have already spent way way more time than I should have on this but I can't stand giving up on a challenge .. I will think of it as finding a solution not giving up! 

I do still have to redirect away from all of the http pages to https some how though - I hope I figure that one out.

[hidden]

Here is a site that will help create the password file and the .htaccess file
be sure to save the password file .htpasswd above your public files to keep it safe.
Put the .htaccess file in the folder you wish to protect.

[hidden]

Thanks Turtle -- I actually achieved the htaccess last night er this morning but wasn't sure because it takes my server up to an hour to show changes. That was a good link though and told  me something I had not otherwise found anywhere stated simply. That is if you have other htaccess commands they go on the same file.

I was so happy to log onto the site and find it required a password and that after I closed the browswer and reopened, the site it still required a password.

I used a link off of the link Sam gave me that encrypted the passwords for me. Go Daddy doesn't give you access to higher level folders because it is shared hosting but they say that they have secured the files in a way that does not allow downloading.

I haven't figured out the SSL redirect yet. I pasted some code in the htaccess that I found but it isn't redirecting so still working on that.

[hidden]

WooHOO ! I did it! I'm getting good at this web mastering "Stuff" 

here is the .htaccess code to force a redirect from http to https

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

How it works with a password is that if a person tries to enter under an http address they have to enter their password and then it requires them to enter the password again on the redirect. If they come in on an https address then its only one password to enter.

YAY I am moving forward again! 

[hidden]

 

[hidden]

Wanda, its great when one struggles and finally gets it right. I've battled with .htaccess too. Congrats. 

[hidden]

TY! 

Now if I can just figure out how to make it all work well with the SMF forum behind it - I will really be happy! Right now I am frustrated beyond belief.. but as you all know .. that is how it is .. one day your kickdancing  and the next you're bashing your head against the wall 

At least I had a my moment of kickdancing and I enjoyed it while it lasted lol but darn my head hurts!

[hidden]

I am thrilled you got your .htaccess password working!!!
Ain't it a beautiful thing?



Hey Etienne, your vehicle would have to be quite special to pull that many boats at one time!  And watch out for that BORG.... it might get on a boat!
-Samantha

[hidden]

Yep, I got carried away. Its like a new toy. Resistance is futile - you know.