Category Archives: DIY

How-To: Password Protecting a Website Directory with .htaccess

Computers, DIY, Website

How-To: Password Protecting a Website Directory with .htaccess

by Richard White

2011-07-19

A friend of mine who maintains a website for his classes recently asked me how to go about creating a password-protected folder for the site. He wants to store materials on there that would be accessible to his students who would use a Name and Password to browse the folder.

In other words, when a user tries to go to a certain location on this teacher’s website, he wants them to have to authenticate with a Name and Password before they’ll be allowed to enter the site.

Here’s how you password protect a folder, in three easy steps.

1. Create the folder that will store the protected material.

For our example, we’ll assume that my account on the webserver is called rwhite, and the website files are all stored in public_html. In that directory public_html, create a new directory “secretstuff”, which is where we’ll be storing our password-protected materials. This folder should have a permission of 755.

(There are lots of different ways to “create a folder”, depending on how you manipulate files on your server. You might ssh in to the server, you might use Dreamweaver or Coda, … If you’re not sure how to manipulate files and directories on your server, learn how to do that first and then come back here!)

So in terms of your websites directory structure, here’s what we have so far (your files and directories will look different from mine–the ones shown are for example only):

/
|---home/
    |---rwhite/
	|---logs/
        |---mail/
        |---public_ftp/
        |---public_html/
	    |---about.html
            |---index.html
            |---secretstuff/

2. Use a text editor to create a text file called “.htaccess” in the folder that you want to protect.

To keep unauthorized users from peeking inside the directory secretstuff, you’ll need to add two additional files to your website that will instruct the server under what conditions it should display the contents.

The first file is a text file called .htaccess that is stored in the secretstuff directory. Note that this filename doesn’t really have a name—it only has an extension (the eight letters after the period). That means that this file won’t show up in most directory listings unless you specifically tell your computer to list ALL files.

Use a text editor—Notepad, TextWrangler, BBEdit, TextMate, vi, emacs, nano, edit, whatever—to create the .htaccess file in the secretstuff directory. The file .htaccess should include these four lines:

AuthName "Secret Stuff"
AuthType Basic
AuthUserFile "/home/rwhite/.htpasswds/public_html/secretstuff/passwd"
Require valid-user

Be sure to save the file with the name .htaccess (including the period in front!). That file should have permissions 644.

What does all of that mean?

First of all, .htaccess is used by the Apache web server to do all sorts of things on your website, and you probably already have a few .htaccess files sprinkled here and there on your site—we don’t want to mess with those. This particular .htaccess file in the secretstuff directory is simply being used to control access to that directory.
The four lines in that file, in order, say:

  1. Display this name in the authentication dialog box.
  2. Use Basic http authentication.
  3. Find the file containing passwords at this location on the server (see step 3 below).
  4. Make sure user has been authenticated before giving them access to this folder.

The only really tricky part about this step is the location of the password file. Note that the .htpasswds directory listed here is NOT contained in /home/rwhite/public_html—placing that directory in a publicly-accessible folder is a security risk. Instead, the .htpasswds directory is contained in /home/rwhite, which is not accessible by a browser. That location IS accessible to Apache, however, which will look at that location to find out which users will provide what passwords in order to gain access to the protected folder.

So here’s what we’ve got now:

/
|---home/
    |---rwhite/
	|---logs/
        |---mail/
        |---public_ftp/
        |---public_html/
	    |---about.html
            |---index.html
            |---secretstuff/
		|---.htaccess

3. Use a text editor to create the text file called “passwd” that we’ll place in the .htpasswds directory.

As discussed above, the passwd file will be be located someplace where a browser can’t get to it. Here’s where we’re going to put it.

/
|---home/
    |---rwhite/
	|---.htpasswds
	    |---public_html
              	|----secretstuff
		    |---passwd
        |---logs/
        |---mail/
        |---publc_ftp/
	|---public_html/
            |---about.html
            |---index.html
	    |---secretstuff/
		|---.htaccess

Note that if you don’t already have a directory called .htpasswds, you’ll need to create it, and then nest inside it the public_html and secretstuff directories. (Although some tutorials will instruct you to place a single .htpasswd file in those location, creating a directory will give you more flexibility later on, should you choose to create additional .htaccess authentications.) The .htpasswds directory and those nested inside it should all have permissions of 644, as should the passwd file itself.

Now, what actually goes IN the passwd file? For our purposes, it’s going to consist of a single line: the Name, a colon, and then the Password that a user will need to get into the password-protected secretstuff directory.

Assuming we want to allow ImaStudent to access the directory using a password of 123456 (not a very good password, obviously), that one line in the file passwd will contain both of those pieces of information, and look like this:

ImaStudent:EdQXJLHVRhCFo

Whoa, whoa, whoa. Where did EdQXJLHVRhCFo come from? That doesn’t look like our password 123456 at all.

That’s because EdQXJLHVRhCFo is an htpasswd “hash” of 123456. Apache is so security-conscious that it doesn’t even want to know what your real password is—it only wants to store a “hash”, or one-way coded version, of that password. When a user enters their password into the authentication box, that hashed password (the EdQXJLHVRhCFo, converted from 123456) will be compared to the hashed version in your passwd file.

So how do you know what hash to include in your passwd file?

There are a few ways to do this. One way is to go to a website like this one and enter your password into the indicated field.

Or, if you wish to do it yourself on the computer, open up a Terminal and on the command line, type

$ htpasswd -ndb ImaStudent 123456

…and you’ll get a line that you can paste into your passwds file.

Once you’ve got everything put together, try going to the page that you’ve created and see if you can see anything. If all works as planned, you’ll be confronted by a dialog box that looks something like this.

By typing in the appropriate Name and Password, the browser should proceed to display the previously hidden contents of that folder!

There’s one more thing you may need to take care of, however, depending on how you want to use the new secretstuff folder. If you’re going to use it to serve up regular webpages like index.html then you’re all done: once a user’s attempt to access the directory is authenticated, those pages will appear just as in any other directory.

You may, however, wish to just dump a bunch of files into that folder that students can access. They might be text files, or Word documents, or graphics. If this is the case, it may also be that your webserver doesn’t by default allow these files to be “indexed,” or listed, and you’ll get an error message like the one above.

This is easily fixed. In your .htaccess file—the same one that we were working on in step 2 above—add a fifth line:

AuthName "Secret Stuff"
AuthType Basic
AuthUserFile "/home/rwhite/.htpasswds/public_html/secretstuff/passwd"
Require valid-user
Options +Indexes

This line will allow this directory’s contents to be Indexed, or listed, even if there aren’t any html files to be displayed.

Now students are able to view or download those files simply by clicking on them in the browser window.

Building Your Own PC, part 3 – Assembling the Pieces

Computers, DIY, Hardware

Building Your Own PC, part 3 – Assembling the Pieces

by Richard White

2011-07-04

So, you’re building your own computer, and you’ve received shipments from Amazon and newegg.com that contain the components that you’ve so carefully selected. Those boxes are piled up in some corner of the apartment, and you’ve managed to set aside a few hours in your schedule during which you can get to work assembling everything into a working computer.

Be aware that this process may take no more than an hour if you know what you’re doing. In my case it took several days of here-and-there work, and that’s not including the week I had to wait for my replacement CPU to come in.

Yeah. There was a replacement CPU that had to arrive.

As previously mentioned, there was a slight hiccup in my ordering: the motherboard I’d ordered, which is perfectly compatible with the Intel i3 CPU I ordered, isn’t compatible with the Intel i3 CPU I ordered.

Confused? I was, too.

The CPU pins are NOT aligned correctly with the socket on the motherboard. Big problem!

It turns out that there are slightly different builds of the i3, some designated 1155, and some designated 1156. These two versions of the i3 chip have different pin configurations, and are completely incompatible with each other. It turns out I’d ordered an 1156 motherboard, and an 1155 chip.

Someone doing a little more research than I’d done might have figured this out… or maybe not. I’d actually cleared my order with a couple of practiced “build your own PC” guys who do this on a regular basis for fun, and they hadn’t known about it either. So… yeah. When the chip wouldn’t fit on the board the way it was supposed to, I did some more digging around on the Internet and eventually figured out what had gone wrong.

These numbers should have been the same--who knew?!

This, boys and girls, is why you keep the old packaging, at least until your machine is up and running. I printed out a return label from the Amazon website and sent back the CPU, and ordered the correct one to replace it. A week later, I was again ready to start building.

The motherboard with the CPU installed, the heatsink/fan over the CPU, and the RAM inserted into the memory slots.

Follow the instructions on whatever website you’re using to guide you in this process. My workflow went like this:

  1. Unpack case and power supply, and install power supply in case, using instructions included with case.
  2. Unpack motherboard and CPU. The instructions included with your motherboard will be awesome! Use them! Find latex gloves (from an old first aid kit) to wear while handling the CPU, or be really, really careful to only hold it by the edges. Install CPU on motherboard.
  3. Install heatsink over CPU.
  4. Install RAM onto motherboard.
  5. Install motherboard into case.
  6. Install drives (CD-ROM, hard drives, etc) into case.
  7. Attach cables from power supply to motherboard and drives.
The motherboard in the case, with the power supply in the lower left, and the disk drives in the lower right.

Theoretically, the computer is ready to go at this point, but… something almost certainly went wrong. A cable attached incorrectly, or a switch on the motherboard that’s in the wrong position. Who knows? Don’t close up the case completely just yet…!

  1. Attach monitor, keyboard, mouse, and power cable to the back of the computer.
  2. Power monitor on, then computer
  3. Play with BIOS as required for your system, following the instructions included with your motherboard.
  4. Install operating system of your choice, typically by booting from a CD, DVD, or USB install disk.

In my case, I ended up installing Ubuntu 10.04 LTS on my computer; this took another hour or so to run through the install process. Followed by an additional hour or so installing updates. If you’re installing Windows, make sure that you also install anti-virus software (AVG is probably the best of the free ones, although you’ll have to search around a bit on the site to get the free version, and not the “free trial”).

And over the course of the next few weeks or so, as I used the machine, I ended up installing additional software on there, as well as copies of all the files on my laptop. That was the original intent of this machine for me, after all: to backup my current computer, and archive other files that I want to hang on to.

Something I’d strongly recommend that you do immediately: create a small text-file on your computer that you use to keep track of software installs, modifications to the machine, etc. Every time I install a new piece of software, I write down the date, the software, and the license key if there is one. Having a list of all the software and modifications to your machine will be invaluable in case of trouble, and can be used as a resource when you end up moving to a new machine at some point in the future.

Building Your Own PC, part 2 – Design and Ordering

Computers, DIY, Hardware, Uncategorized

Building Your Own PC, part 2
Design and Ordering

by Richard White

2011-07-01

There are two reasons you might have for wanting to build your own PC:

  • You have a need for a new computer, or
  • It’s just so frickin’ cool, building a computer.

Ideally, both of these reasons would apply.

In my case, I needed a new machine to replace an old PC that had finally completely failed; the hard drive in the old hand-me-down PC wouldn’t even boot anymore, so I figured it was time to create my own “dream machine.”

If you’ve read the Ars System Guide—highly recommended before embarking on this journey, and to be consulted along the way—you know that their Dream Machine refers to high-end powerhouse computer complete with solid-state disk RAM and a screaming fast graphics card, usually for running processor intensive games under Windows.

My dream machine, however, is a little more utilitarian. For my purposes, I simply needed a machine that I would use for backups of my other machines, and to store and potentially serve media at my house. I don’t need fast booting on this machine, nor even a dedicated graphics card—in my research, I selected a motherboard that had onboard graphics that would be just fine for my purposes.

The money I saved in using a lower-end processor was instead spent on hard drives that would be used for my backups and media. Because these are backups, and even backups need a backup, I eventually ended up with 4 one-terabyte drives: one for the system and media, one for the backups, and the other two mirrors of these first two. (For the more technically inclined, I did not configure these drives as a RAID. I’m simply rsyncing the drives on a periodic basis.)

So that’s my machine. You’ll obviously need to figure out what kind of machine you’re looking to build.

Once you’ve got that sort of figured out, then you can start really looking through the guides to see what kinds of recommendations they might have for you. And for a first-timer, it really does make a whole lot of sense to get some advice from the experts. There are so many different technical considerations that govern whether or not the different components will work together, your chances of designing your own computer—case, power supply, motherboard, processor, memory, hard drives, and graphics card—successfully but without guidance are virtually nil.

Even following someone else’s guidelines, you’re going to face some challenges.

Ordering the various components of your machine consists, then, of poking around on sites that sell these things. Just about everyone I spoke with in the course of building my own machine orders from newegg.com and Amazon.com, who both have a good selection, multiple shipping options, and user reviews that provide yet another data point in your decision on whether to order this hard drive or that hard drive. I ended up ordering my hard drives from newegg.com rather than Amazon for example, because several people complained on the Amazon site about how the drives had been shipped to them. I got my case and power supply and newegg.com as well, because there was a discount for buying them together there.

It took me an evening to finally get my newegg.com order put together, and the next day I finished up with my Amazon.com order. Here’s what I ended up order from each one.

In preparation for next time… can you see the mistake in one of my orders below? Can you determine which part I ended up having to send back??!

Summary of order from newegg.com

Order from Amazon.com

Building Your Own PC, part 1 – Introduction

Computers, DIY, Hardware, Linux, ,

Building Your Own PC, part 1
Introduction

by Richard White

2011-06-30

After many years of hearing about how much fun it was, I finally jumped into the pool this April and built my own desktop PC. It was, in a word, AWESOME, and I heartily recommend that you do the same.

I have a rep as being something of an Apple fan, never mind the fact that I’ve also got Dell and Lenovo laptops dual booting Windows and Ubuntu. The unfortunate truth, however, is that Apple is so picky about making sure their hardware is built to specification, they don’t allow anyone to do it but themselves. I’m not complaining–the results of this policy speak for themselves. But if you’re going to build your own desktop, it’s going to be a PC running Windows or Linux.

And before we get too far into it, let’s be clear: we’re not talking about soldering integrated circuits or transistors onto a circuit board, and testing your electrical engineering skills with an test oscilloscope, or anything ridiculous like that. What we’re talking about is you taking some time to:

  1. Decide what you want to use your new computer for
  2. Settle on components that you’ll be using to assemble your new coputer (even if you’re not really sure what those components might be at the beginning)
  3. Poking around on the Internet looking for advice and good combinations of components that will make the machine you want
  4. Ordering those components online (most likely from newegg.com and amazon.com)
  5. Patiently waiting for those components to arrive
  6. Finding a few hours when you can settle in and try to assemble everything
  7. See that you’ve made a mistake in one or two items that you ordered, and send the ones you received back in to be replaced with what you really wanted
  8. Get new components, and assemble them into your dream machine
  9. Boot into the BIOS, and fix things that may not be working
  10. Install the operating system of your choice, as well as updates and drivers as necessary
  11. Install additional software as desired
  12. Admire your awesome machine!

As you can tell from some of the steps on the list up there, things don’t always work the way you’d thought they would the first time. While this is almost certainly going to be a source of frustration when it happens, you should also look at it as an opportunity to come to a better understanding of the hardware, and a chance to appreciate just how much work goes into getting these things to work the way they’re supposed to.

I’ll tell you how I began the process of building my own machine next post. In the meantime, you have three homework assignments.

First, start thinking about what kind of machine you’d like to build. Is it going to run Windows, Linux, or both? Is it going to be a lightning fast gaming machine, or medium-fast machine that you’ll use for surfing the internet and reading email, or a slower machine that you’ll use for backups, or serving media to other computers at your house? The uses you envision for your machine will determine the design and components you select.

Second, see if you can’t scrounge up a spare mouse, keyboard, and LCD monitor that you can use. You can use borrowed gear for these items at first, at least until you get your machine up and running. If you want to get fancier custom keyboard, mouse, or monitor, you can certainly buy them when you get the components for your computer, but they’re not strictly necessary. (In my case, I pulled an old keyboard and mouse out of the dumpster, and asked the tech people at my school if they were throwing away the old 15″ LCD monitors I saw sitting out in the rain.)

Third, do a little background reading on the Internet to help you figure out what you might want to include in the design of your new machine. Each article / website here comes highly recommended:

Next time? “What’s in all those boxes??!”