Using .htaccess to password protect one or more directories on your VirginMedia WebSpace.

Note: This currently only applies to those users who are xTeleWest/Blueyonder customers. As far as I know, xNTL users' webspace does not allow the use of .htaccess directives.

What do I need?

To password protect a directory you need two files, one containing the directives to the webserver telling it what to do and one containing the username/password to be used.

htaccess

The first file is called .htaccess

Note carefully. The name includes a leading fullstop. Windows may have problems with a file using this name. If you have problems, just call it htaccess for now. You can rename it later with your FTP program after it's been uploaded to your PWP webspace. For help using FTP programs, see here

This file should contain the following lines:

AuthName "test"
AuthType Basic
AuthUserFile %docroot%/../.htpasswd
require valid-user

Line 1, AuthName "test"

Put whatever you like between the quotes. This text will be displayed in the password requester window when a user attempts to visit the password protected part of your site.

Line 2, AuthType Basic

We are using basic HTTP authentication so don't change this line. You can't use any other type of authentication on basic PWP webspace.

Line 3, AuthUserFile %docroot%/../.htpasswd

This is the path to your password file.

The final part of line 3 shown as .htpasswd in the example above can be any valid filename you like so long as it is the same file name you use in the next step.

Line 4, require valid-user

Don't change this.

.htpasswd

This is the username/password file. This file contains the actual username you wish to use along with an encrypted copy of the password. There are many utilities to create this encrypted password but there's a nice easy one at tools.virginmedia.com. Just enter the username and password in the text boxes and click the "create password" button. A new page will open showing:

.htpasswd entry

Entry for your .htpasswd file:

dave:rq9ek2ya/XVEU

I used dave for username and test for the password. You should copy and paste the results of using your own data into a new text document and save it as .htpasswd or your chosen name. Note that the file name also starts with a full stop so the same conditions apply as above when using Windows.

Where do these files go?

.htaccess location

As far as I can tell, the Zeus webserver used for the VirginMedia PWP (xblueyonder) does not support the directory directive so you can't just put your .htaccess file in any old location and specify which directory you want to protect. You have to place the .htaccess file into the directory you wish to protect. Note that this will also automatically protect all directories below the protected one.

So, to protect, for example, http://{youralias}.myby.co.uk/secretplace you will need to put the .htaccess file into /htdocs/secretplace (remembering to use your FTP program to rename it with the leading fullstop if required).

.htpasswd

This file is the important one. It needs to be somewhere that hackers and crackers can't get to it. The password file is stored at the very top of your PWP space, the "root". This is above the htdocs directory where your web pages go. When in this directory with your FTP program, you should see three directories: htdocs, logs and stats. This directory is not accessible by any means to a site visitor and so is a safe place to put your password file. All files stored in htdocs are vulnerable to being "scraped" by anyone being nosy. This would give a hacker the username and easy access to the encrypted password.

What else can I do?

Multiple usernames/password

Using tools.virginmedia.com, create more usernames and passwords as required and add them to your .htpasswd file, one per line so you can give each user their own access. They all get the same access, but it does mean you can later block a user by removing their username/password line.

Protecting more than one area of your PWP site

Remember above I mentioned that the filename used for your password file can be any valid filename? Well, this is why. If you need to protect a different area with different usernames/passwords, just put a new .htaccess file in that directory, change the name on Line 3, AuthUserFile %docroot%/../.htpasswd, so the .htpasswd is different, e.g. .area51_pw, and follow the steps to create the password file, but instead of calling it .htpasswd, call it .area51_pw.

If you find you want to protect a number of directories with different groups of users/passwords, you might want to consider creating a new, dedicated directory for your password files. You can do this by going to the root of your webspace with your FTP program and creating a new directory there called, e.g., passwords. You will then see four directories: htdocs, logs, passwords and stats. Put your password files in the passwords directory and change all your .htaccess files so that line 3 reads

AuthUserFile %docroot%/../passwords/.htpasswd

replacing .htpasswd with the name of the relevant password file.
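
A pre-upload check for the placement rules above, as an added example that is not part of the original page: run against a local copy of your webspace, it flags any .htaccess whose AuthUserFile points inside htdocs or at a missing or malformed password file. The local folder layout (a folder containing htdocs), the function names and the expansion of %docroot% to the htdocs directory are assumptions; the sample files are constructed.

```python
import os
import re
import tempfile
from pathlib import Path

ENTRY = re.compile(r"^[^:\s]+:\S+$")  # one "username:hash" entry per line

def audit_webspace(root):
    """Check each .htaccess under <root>/htdocs; return sorted (file, problem) pairs."""
    root = Path(root).resolve()
    docroot = root / "htdocs"  # assumption: %docroot% expands to the htdocs directory
    problems = []
    for htaccess in docroot.rglob(".htaccess"):
        rel = htaccess.relative_to(root).as_posix()
        for line in htaccess.read_text().splitlines():
            parts = line.split(None, 1)
            if len(parts) != 2 or parts[0].lower() != "authuserfile":
                continue
            target = parts[1].strip().replace("%docroot%", str(docroot))
            pwfile = Path(os.path.realpath(target))  # collapses the ".." step
            if docroot in pwfile.parents:
                problems.append((rel, "password file is inside htdocs"))
            if not pwfile.is_file():
                problems.append((rel, "password file not found"))
                continue
            entries = [e.strip() for e in pwfile.read_text().splitlines() if e.strip()]
            if not all(ENTRY.match(e) for e in entries):
                problems.append((rel, "malformed entry in password file"))
    return sorted(problems)

def build_sample(root):  # constructed sample mirror: one good directory, two bad ones
    rules = 'AuthName "test"\nAuthType Basic\nAuthUserFile %s\nrequire valid-user\n'
    layout = {
        ".htpasswd": "dave:rq9ek2ya/XVEU\n",
        "htdocs/secretplace/.htaccess": rules % "%docroot%/../.htpasswd",
        "htdocs/area51/.htaccess": rules % "%docroot%/area51/.area51_pw",
        "htdocs/area51/.area51_pw": "dave:rq9ek2ya/XVEU\n",
        "htdocs/old/.htaccess": rules % "%docroot%/../.old_pw",
    }
    for name, text in layout.items():
        path = Path(root, name)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit_webspace(tmp), sep="\n")
```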

Enabling Directory Listings

The Options directive

By default, VM webspace returns a 403 Forbidden error if you try to access a directory in your webspace which does not have a default page called one of index.html, index.htm, default.html or default.htm. You can change this behaviour by adding

Options Indexes

to your .htaccess file. As mentioned above, this will apply to the directory containing the .htaccess file and all directories below it. You can override this behaviour by using more than one .htaccess file. For example, you could enable file listing globally by putting the Options Indexes directive into .htaccess in your webroot directory at /htdocs, but then disable file listing in /htdocs/private by placing another .htaccess file containing Options -Indexes there.

The "prettyprint" directive, IndexOptions FancyIndexing, is not supported.

Anything else?

Yes, but this page is only about password protection/user authentication. If you want to experiment, have a look at The VirginMedia WebSpace help area for information specific to your VM webspace. Also, have a look at The Apache Tutorial for more help on .htaccess directives. Be aware that Zeus is not Apache and even those directives which Zeus does support may be disabled in the PWP implementation.

What about PHP, MySQL, Perl, Ruby, Shell etc.?

Tier 1 and Tier 2 web space

In the past, xBlueyonder/Telewest Personal Web Space was available in two flavours.

Tier 2 webspace is no longer an option with VirginMedia. Existing users continue to enjoy the facility but no new users are being accepted.

VirginMedia are currently working to harmonise the three various webplatforms (xBlueyonder, xNTL and xVirgin.Net). Once that process is completed, they will look again at what kind of webspace users want and what can be offered. It may or may not happen. If it does, it may or may not bear any resemblance to the aforementioned Tier 1 and Tier 2 offerings.

