利用.htaccess将一个目录加上密码保护分两个步骤。第一步是在您的.htaccess文档里加上适当的几行代码,再将.htaccess文档放进您要保护的目录下:
AuthName "Section Name"
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user
There are a few parts of this which you will need to change for your site. You should replace "Section Name" with the name of the part of the site you are protecting e.g. "Members Area".
有几个小部分您可能需要根据您的网站情况而修改一下。用被保护部分的名字替换掉”Section Name”,例如"Members Area"。
The /full/parth/to/.htpasswd should be changed to reflect the full server path to the .htpasswd file (more on this later). If you do not know what the full path to your webspace is, contact your system administrator for details.
另外/full/parth/to/.htpasswd 应该替换为指向.htpasswd文档(后面详述该文档)的完整服务器路径。假如您不知道您网站空间的完整路径,询问一下您的系统管理员。
The .htpasswd File
Password protecting a directory takes a little more work than any of the other .htaccess functions because you must also create a file to contain the usernames and passwords which are allowed to access the site. These should be placed in a file which (by default) should be called .htpasswd. Like the .htaccess file, this is a file with no name and an 8 letter extension. This can be placed anywhere within you website (as the passwords are encrypted) but it is advisable to store it outside the web root so that it is impossible to access it from the web.
目录的密码保护比.htaccess的其他功能要麻烦些,因为您必须同时创建一个包含用户名和密码的文档,用于访问您的网站,相关信息(默认)应位于一个名为.htpasswd的文档里,像.htaccess相同,.htpasswd也是个没有文档名且具备8位扩展名的文档,能够放置在您网站里的任何地方(此时密码应加密),但建议您将其保存在网站根目录外,这样通过网络就无法访问到他了。
Entering Usernames And Passwords 输入用户名和密码
Once you have created your .htpasswd file (you can do this in a standard text editor) you must enter the usernames and passwords to access the site. They should be entered as follows:
创建好.htpasswd文档后(能够通过文字编辑器创建),下一步是输入用于访问网站的用户名和密码,应为:
username:password
where the password is the encrypted format of the password. To encrypt the password you will either need to use one of the premade scripts available on the web or write your own. There is a good username/password service at the KxS site which will allow you to enter the user name and password and will output it in the correct format.
“password”的位置应该是加密过的密码。您能够通过几种方法来得到加密过的密码:一是使用一个网上提供的permade脚本或自己写一个;另一个很不错的username/password加密服务是通过KxS网站,这里允许您输入用户名及密码,然后生成正确格式的密码。
For multiple users, just add extra lines to your .htpasswd file in the same format as the first. There are even scripts available for free which will manage the .htpasswd file and will allow automatic adding/removing of users etc.
对于多用户,您只需要在.htpasswd文档中新增同样格式的一行即可。另外更有一些免费的脚本程式能够方便地管理.htpasswd文档,能够自动新增/移除用户等。
Accessing The Site 访问网站
When you try to access a site which has been protected by .htaccess your browser will pop up a standard username/password dialog box. If you don't like this, there are certain scripts available which allow you to embed a username/password box in a website to do the authentication. You can also send the username and password (unencrypted) in the URL as follows:
当您试图访问被.htaccess密码保护的目录时,您的浏览器会弹出标准的username/password对话窗口。假如您不喜欢这种方式,有些脚本程式能够允许您在页面内嵌入username/password输入框来进行认证,您也能够在浏览器的URL框内以以下方式输入用户名和密码(未加密的):
http://username:password@www.website.com/directory/
Summary 小结
.htaccess is one of the most useful files a webmaster can use. There are a wide variety of different uses for it which can save time and increase security on your website.
.htaccess是个站点管理员能够应用的一个强大的工具,有更多的变化以适应不同的用途,能够节约时间及提高网站的安全性。
文章整理:西部数码--专业提供域名注册、虚拟主机服务
http://www.west263.com
以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息,谢谢!
