
jmoiron.net

## .htaccess

Quick and Easy/Dirty

First off, the source: User Auth tutorial (untitled). (Note: this website seems to be defunct as of April 2005.)

The directory index (note: it also seems to be defunct as of April 2005) contains other READMEs and documentation about user management, user files and such. This page serves my own purposes: mainly to remind myself how to use .htaccess files to restrict HTTP access to certain files, and perhaps to serve as a guide to others.

There are really only a few steps. Go to the directory that you want to restrict, and create a file named .htaccess (...) In the file, something like this, depending on what you want to restrict, should appear.

```apache
AuthUserFile /FULL_AUTHDIR_PATH/.htpasswd
AuthGroupFile /dev/null
AuthName DOMAIN_NAME
AuthType Basic

<Limit GET>
require user USERNAME
</Limit>
```

You can limit other methods (besides just GET) as well, such as POST or PUT. Let me quickly explain the parts of the file. The first line is the full path, from the root, of the .htpasswd file, which I'll explain how to create in a second (no relative addressing and NO ~ for home; ~USERNAME should still work, though). For security purposes, you should keep the .htpasswd file in a different directory from your .htaccess file. What these purposes are, I am not yet sure of, but you should. In any case, to create the .htpasswd file (which will be "encrypted"), issue the following command.

```
> htpasswd -c AUTHDIR/.htpasswd USERNAME
> enter password:
> reenter password:
```

It'll be something like that; after you've done that, the user "USERNAME" should be able to log in with whichever password you specified on the command line. Cat the .htpasswd file if you'd like to get a "warm feeling of self-satisfaction" as described on sunvan.net. If you're like me, you'll extend a silent "neat" to the encryption and be on your merry way.

To give access to multiple users, add each of them to the password file with htpasswd, but do not use the -c (create) flag, since -c would overwrite the existing file. Then create a group file (previously just /dev/null, now ".htgroup"). The format for the group file is as follows:

```
valid_users: pete tom andrew biznatch
```

Now go back to your .htaccess file, change the AuthGroupFile value to the full path of the .htgroup file you just created, and within the Limit tag change "require user USERNAME" to "require group valid_users". It will work, trust me.
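A small audit of the two security-relevant points in the file above, added here as an example and not part of the original post: a require line inside a Limit block is enforced only for the methods that block names (Apache also applies a GET limit to HEAD), and the password file should not sit in the directory being protected. The function name `audit_htaccess`, the list of methods and the sample paths are assumptions made for illustration.

```python
import posixpath
import re
# Common HTTP methods, used only to report what a <Limit> block leaves out.
ALL_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}

def audit_htaccess(text, htaccess_dir):
    """Return a list of findings for the contents of one .htaccess file."""
    findings = []
    limit = None  # methods named by the <Limit> block we are inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Limit\s+([^>]+)>", line, re.I)
        if opened:
            limit = set(opened.group(1).split())
            if "GET" in limit:
                limit.add("HEAD")  # Apache applies a GET limit to HEAD too
            continue
        if re.match(r"</Limit>", line, re.I):
            limit = None
            continue
        directive, arg = (line.split(None, 1) + [""])[:2]
        if directive.lower() == "require" and limit is not None:
            findings.append("'%s' is enforced only for %s, not for %s" % (
                line, ", ".join(sorted(limit)),
                ", ".join(sorted(ALL_METHODS - limit))))
        elif directive.lower() == "authuserfile":
            path = posixpath.normpath(arg.strip().strip('"'))
            if posixpath.dirname(path) == posixpath.normpath(htaccess_dir):
                findings.append("AuthUserFile %s sits in the protected directory" % path)
    return findings

# Constructed sample: the file from the post, with made-up paths and the
# password file kept beside the .htaccess.
SAMPLE = """AuthUserFile /var/www/site/private/.htpasswd
AuthGroupFile /dev/null
AuthName DOMAIN_NAME
AuthType Basic

<Limit GET>
require user USERNAME
</Limit>
"""
# Constructed counterpart: password file elsewhere and no <Limit> wrapper.
HARDENED = (SAMPLE.replace("/var/www/site/private/", "/var/auth/")
            .replace("<Limit GET>\n", "").replace("</Limit>\n", ""))

print("\n".join(audit_htaccess(SAMPLE, "/var/www/site/private")))
```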

Anyway, since that's all I need to know, that's all you're going to find out from me. Follow the link or snoop around on Apache's site for more info on how it parses these files and on hierarchy and inheritance.