Support

Product Support

Download Center

Download Center

Other Resources

Developers

Community

Home > Knowledge Base > FAQ > Can I use ".htaccess" to protect folders in the "web" shared folder?

Can I use ".htaccess" to protect folders in the "web" shared folder?

Answer :

If you're familiar with Linux commands and you'd like to set passwords to protect share folders in the "web" shared folder from being accessed without permission, do this:

Assuming you are going to protect the folder "\web\secret" and only allow the user "alex" to access it with a password.

Create a folder named "passwd" in the shared folder "web".
Create a ".htaccess" file in the folder "\web\passwd". Add the following content to the file ".htaccess":
AuthName "Title"
AuthType "Basic"
AuthUserFile "/volume1/web/passwd/admin.pw"
require valid-user
Use a Linux machine to create an Apache password file named "admin.pw" using the command "htpasswd" and add a new user "admin" in it.
Copy the file "admin.pw" to the folder "passwd".
The file "admin.pw" will be used in the folder "passwd" to prevent normal user from seeing the contents of the folder "passwd". There should be only one user "admin" who can login to "\web\passwd" to manage password. The content of the file "admin.pw" should look like this, but with different codes:
admin:bYj1ACOMXm7FE
Now you are going to proceed with the steps to protect the folder "\web\secret".
Use a Linux machine to create another Apache password file name "normal.pw" also using the command "htpasswd" and add a new user "alex" in it.
Copy the file "normal.pw" to the folder "passwd".
The file "normal.pw" will be used to protect the folder "\web\secret" that you want to protect. You may add as many users as you want to grant access to the folder. The content of the file "normal.pw" should look like this, but with different codes:
alex:puvtNsWczYbgo
user1:uvtpNsWczYbgo
user2:vtpNsuWczYbgo
.
.
Create another ".htaccess" file in the folder "\web\secret\". Add the following content to the file ".htaccess":
AuthName "Title"
AuthType "Basic"
AuthUserFile "/volume1/web/passwd/normal.pw"
require valid-user

Now the folder "\web\secret" is protected with the password saved in "normal.pw" and the folder "\web\password" is accessible by admin user only.

You may follow step 5 to step 7 to protect whatever folder you want to protect. Note that in the file "admin.pw" you can only add one user "admin" in it, but in the file "normal.pw" you may create as many users as you want to grant access to the folder.

2012-09-28 15:58:37

Tags :

PHP/Web Shared Folder System

Applied Products: (Click to open)

Products: Compare Products; Choose a DiskStation; RAID Calculator; NVR Selector

Compatibility: Hard Drive; IP Camera; Printer; Other Devices

DSM: Key Features; For Home; For Business; Surveillance

Resources: Service & Support; Developers; DSM Download; MyDS Center

General: Contact Us; Media Awards; Where to buy; Synology Blog