Access Authorization

Access Authorization restricts access to your Web site to those who have been given special usernames and passwords defined by you (either individually or in batch from a file). This type of password protection is extremely easy to set up, and can be used to protect a portion of your Web site or your entire Web site.


Overview

The WebCom web server permits you to restrict access to individual directories within your site to individual users, authenticated with passwords.

Users selecting a hotlink pointing to a file stored in a protected directory will be presented with a dialog box asking them for a userid and password. If they enter a valid userid and password, they will be permitted access to any and all files in the protected directory (and any subdirectories).

The user's Web browser keeps a copy of the userid and password, and resends them each time a page is requested. This saves the user from being prompted each and every time they select a link in the same protected directory.

At this time, it is not possible to nest protected directories within other protected directories. If a user has a password which gets them into a protected directory, then that user will have access to all nested directories regardless of any additional protections. We are hoping this is an aspect of the Netscape server software which will change in subsequent versions.


Setting Up and Managing Access Authorization

You can access the online forms to configure Access Authorization by selecting Web site password protection from the Customer Online Services Menu after logging into your WebCom account. You may also access the Access Authorization Service directly by entering http://webcom.com/~webcom/services/access into your Web browser. You will next be presented with a list of directories within which you may choose to manage or set up Access Authorization. As password protection only applies to access with Web browsers (and not FTP), you will only be able to select your www directory or any directories within it.

You can also configure password protection using the WebCom File Manager, by simply clicking on the "Access Auth" hotlink at the bottom of the File Listing Screen in the directory where you wish to manage or set up Access Authorization.

If Access Authorization has already been set up within the selected directory, you will be presented with the Access Authorization management form. Otherwise, you will first be prompted to enter a Directory Description (this will appear within the dialog box requesting a userid and password from the user) before the management form is presented.

WARNING: Because setting up and removing Access Authorization within a directory requires altering server configuration files, password protection will not be (de)activated until the WebCom Web Server is instructed to reread these files. An automatic WebCom process takes care of this every four hours, but we strongly urge you to double check whether access authorization has been enabled before placing any files on your site that you would not want to be publicly accessible. Once you have enabled password protection in a directory, any additions or deletions of individual users and any updates of passwords take effect immediately.

WARNING: Manual deletion of the access authorization configuration files (.htaccess.pag and .htaccess.dir) will render your directory inaccessible via the Web. Deletion of an access authorization protected directory itself, without first having deleted access authorization, may render your entire account inaccessible.
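
One way to perform the double check urged above, as an added example (not WebCom's own code): request the directory with no userid or password and see whether the server issues a password challenge, serves the content anyway, or returns an error. It assumes the server answers with a standard HTTP 401 status and a WWW-Authenticate header whose realm carries the Directory Description; the local stand-in server, its paths and the realm "Members Area" are constructed for the demonstration.

```python
import re
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Connect directly, ignoring proxy settings, so a cache cannot mask the result.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def check_directory(url, timeout=10):
    """Request url with no credentials; return (state, realm)."""
    try:
        with _opener.open(url, timeout=timeout) as resp:
            status, challenge = resp.status, resp.headers.get("WWW-Authenticate")
    except urllib.error.HTTPError as err:
        status, challenge = err.code, err.headers.get("WWW-Authenticate")
    if status == 401 and challenge:
        # Challenge issued: the server is enforcing protection here.
        found = re.search(r'realm="([^"]*)"', challenge, re.I)
        return "protected", found.group(1) if found else None
    if 200 <= status < 300:
        # Content served to an anonymous request: protection is NOT active yet.
        return "open", None
    # Anything else, e.g. the error returned when the config files are missing.
    return f"error {status}", None

class _StandIn(BaseHTTPRequestHandler):
    """Constructed local stand-in for a site; paths and realm are invented."""
    ROUTES = {"/private/": 401, "/pending/": 200, "/broken/": 500}

    def do_GET(self):
        code = self.ROUTES.get(self.path, 404)
        self.send_response(code)
        if code == 401:
            self.send_header("WWW-Authenticate", 'Basic realm="Members Area"')
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo output quiet
        pass

def demo():
    """Run the check against the stand-in server and return the results."""
    server = HTTPServer(("127.0.0.1", 0), _StandIn)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:
        return {p: check_directory(base + p) for p in _StandIn.ROUTES}
    finally:
        server.shutdown()
        server.server_close()
```

Against a real site, call check_directory() with the URL of the directory you protected and upload sensitive files only once it reports "protected" with the Directory Description you entered.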


Technical Details

The WebCom Web Server stores userids and passwords in a type of simple database called a "DBM" (DBM stands for Data Base Management, and consists of a set of programming routines that allow highly efficient access to individual records). When access authorization is set up within a directory, two files are created: ".htaccess.pag" (which contains the list of userids and passwords) and ".htaccess.dir" (an empty file).

WARNING: do *not* delete these files manually. If you do so, you will render the directory completely inaccessible! The Web Server will still be configured to look for them, and will return an error message when it is unable to find them.
