UBB.Developers Forums Community Development Programming PHP and Server-side Scripting htaccess & ubb ??

I'm running version 5.47e, is there a way to password protect is with htaccess ?
If so, what program or script would be the best to use ?
Also, some advice installing this would be a HUGE help

I'm trying to make my ubb completely private and I don't want to use the SHTML mod ]

Thanks

Have you got Apache as your Web server?

If you use apache try this: http://faq.clever.net/htaccess.htm

thanks guys,
I got this working in a public folder.
I've tried using these instuctions in a cgi-bin folder and it won't work
Is there something you have to different in a cgi-bin folder?

Most hosts disable .htaccess files in their cgi-bin - you should contact them concerning this.

Thanks Charles
Ok what about his one...
They say I htaccess a root/public folder, which I got working at the present momment and I link the fourms from one of the pages in my htaccess folder.
This won't protect it right ?
Is there a way the hide the urls/links of the forums somehow ? Because this is becoming a pain in the rear end

Thanks again for your help

Er, can you re-describe the setup of your board and where you have .htaccess files?

I have my boards in the cgi-bin folder and my htaccess files in a folder(members) in the root dir.
I guess my provider doesn't allow htaccess in the cgi-bin folder
I've tried setting up my boards in the same dir as the htaccess protected folder (members) which is in the root dir, but the boards don't work unless the scripts are in the cgi-bin folder

Which makes sense (unfortunately)

My server was originally set up that way, and I had to change httpd.conf to allow .htaccess in cgi-bin.

I figured Apache disabled .htaccess in cgi-bin for safety, since .htaccess files could potentially cause security issues if used improperly. Is that the reason why a provider would not want .htaccess in cgi-bin?

Almost certainly.

That or they're also just using the apache default config...

So I should call and ask this to be changed
Thanks for all your help guys !

you can try to upload a script to the cgi folder to generate the httacces files, might work

indexsoft .htpasswd manager
Download script

Thanks M_30-john
I'll try it, oh btw this isn't going to get me into any trouble ?

May I know.... how htaccess can improve your website security rather than using normal UBB login procedure?

What I know is that htaccess password is transfered without encryption, so any sniffer can tap the information.

Nice addition against common bruteforce crackers... you'd get quite pissed after spending hours if not days bruteforcing the .htaccess authentication password, only to get to another user/pass protected page, now wouldn't you?

you can use encryption... also you can create password files with crypt()... but the program in the above link uses apache's 'htpasswd' binary...

funny I didnt see the second page

This wont get you into any trouble imo, you need to ask your site hoster for the location of the htpasswd file (to generate the password files)
Apache uses some default locations which you try first though.

the passwords are/can be encrypted by 3 differend standards so sniff ahead

btw, I succeeded in protecting my cgi-bin this way, the control panel suplied me only with a way to httaccess my httpdocs and httpsdocs directories.

If Apache doesn't let you have .htaccess in the cgi-bin, it won't let you have .htaccess in the cgi-bin AFAIK.