[Pro] password protected areas

Freeway
1

I am still working satisfactorily with Freeway Pro 7.1.4
I want to secure a folder on my website. This contains files (PDFs) that visitors can download after entering a password and login code.
How can I easily get this done and tell me in more detail how the above protection can be achieved?

freewaytalk mailing list
email@hidden
Update your subscriptions at:

2

On 5/25/21 10:04 AM, Maarten Bos wrote:

I am still working satisfactorily with Freeway Pro 7.1.4
I want to secure a folder on my website. This contains files (PDFs) that visitors can download after entering a password and login code.
How can I easily get this done and tell me in more detail how the above protection can be achieved?

Just done this for a second site. (Did it years ago on another one).

You have to add (or modify if one is already there) a file called
.htaccess to the highest level folder that you want to protect and also
add a file containing usernames and encrypted passwords. Everything in
and below that folder with the .htaccess file will be protected. You
also need to have certain things configured ith the webserver
configuration file. Unless you have full root login access to the server
you will have to get the ISP to do that, so the first thing is to talk
to them about it. They may have some built-in way to do the whole thing.

Apart from the configuration aspect it can all be done using secure FTP.
I don’t know how easy it is to do with Freeway alone.

The complications are:

  1. Generating the password file. This is traditionally called
    .htpassword and was traditionally placed next to (in the same folder as)
    the .htaccess file, relying on a rule in the .htaccess file to prevent
    it from being seen. Now it is recommended that it is kept outside the
    area that the webserver serves, which your ISP may or may not give you
    access to. The format of the .htpassword file is very specific and
    server dependent.
  2. Managing the passwords. You need to have a way for users to change
    their own passwords and for you to add and delete users. Your ISP may
    have a way to do this. I have my own written in PHP but they need more
    exercise before I would trust them enough to let them out.

If your server runs Apache there are tutorials at
https://httpd.apache.org/docs/current/
I’ve never used nginx.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options