Making a .htaccess file for my subdomain


#1

I have a domain called gauteferstad.com. I also have a subdomain called bachelor.gauteferstad.com. I want this subdomain password protected.
There is nothing in this subdomain except the 3 files it came with including quickstart.html (which has been replaced with index.html) which only states test1.

I made a .htaccess and a .htpasswd file with notepad and placed them inside bachelor.gauteferstad.com. I tried entering the website and yes! I got a question about username and password. But when I entered the page I got an “internal error” message. (The .htaccess icon had a light blue dot inside it. Not the typical e for html. The .htpasswd icon was blank. Like the favicon.ico which is one of the 3 files already in the subdomain. I deleted the two files and everything was back to normal. Index file returns but no queries about username and password.

I had a “chat” with tech. They told me that the panel has an option. I said that I know, but I want to try it myself to know what happens. And it gives me a little more knowledge. He said that I could use the panel, find out how everything works and then just delete the files and try it myself.

I used the panel. Here I also got the question to make a directory for the files. I did and the files .htaccess and .htpasswd ended up in /bachelor/gauteferstad.com/authentication. I tried my website and nothing. Still the index file pops ups without queries about username or password. I tried again, this time also with the option of WebDAV. Still nothing. The only thing now is that I got permission denied when I tried to open the files or edit the properties (chmod). I took away WebDav. I can look at the files. I have now deleted the files. (There is a day between all this, just in case it took some time for the new things to fall in place.)

I want this whole subdomain to be password protected.
I want to make my own .htaccess and .htpasswd file. So the question is.

1: Do I put them right under bachelor.gauteferstad.com? or.
2: Do I make a new directory only for them for example “authentication” and place them in bachelor.gauteferstad.com/authentication?

3: When it comes to the .htaccess file, is this the correct information to put inside it?
AuthType Basic
AuthUserFile /home/USERNAME/.htpasswd
AuthName "My Private Area"
require valid-user

(where I change the USERNAME with my … well username)
4: Chat told me that the files should be places together. And through the panel, when I tried, it also placed the files together (in authentication). So I gather, the two files should be in the same directory?


#2

Ok. here’s an update. I have placed both the .htaccess and .htpasswd file inside the subdomain bachelor.gauteferstad.com. From the forum posts, I am aware that they should not be together, but I can’t quite find any other way to do it. The .htaccess file reads as follows:
AuthType Basic
AuthUserFile /home/USERNAME/bachelor.gauteferstad.com/.htpasswd
AuthName "Password Required"
require valid-user

(USERNAME=my username)

I worked a long time on my .htpasswd file. The wiki tells me to username:password. What it didn’t say and as a beginner didn’t understand was that it means username:encryptedpassword. (it always helps to search and search and search and sooner or later you stumble onto something.

When I enter my bachelor.gauteferstad.com page I get a popup for username and password.

Questions:
1: When I log in, and then afterwards go to another page and then back again, I do not have to log in. I am remembered. How can I change this or do I need to? As of now, I have to restart my computer and then go in on the page to have to login again.
2: On one attempt I got a Warning. This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection). I am guessing this has to have something to do with http and https and 80 and 443? Any solution to this?


#3

[quote]
1: When I log in, and then afterward go to another page and then back again, I do not have to log in. I am remembered. How can I change this or do I need to? As of now, I have to restart my computer and then go in on the page to have to login again.[/quote]

That behavior is expected. Should only have to re-start the browser though.

See Apache Module mod_auth_digest - This module implements HTTP Digest Authentication (RFC2617), and provides a more secure alternative to mod_auth_basic.