What are .htaccess files?
The most common and the original purpose of .htaccess files is
to create per-directory password protection of resources. With
modern webservers there is vast amount of other things .htaccess
files can do. These include: custom error pages, ip based access
control, redirecting users automatically, denying directory listing
and using different files as an index file.
File_HtAccess concentrates only
to password protection of directories, although it is possible to use
it to control other things mentioned above too.
A .htaccess file is built from the following basic directives. They
differ a bit whether youre using Basic or Digest authentication.
Table 38-1. Directives
Authentication type being used, "Basic" or "Digest".
Authentication realm or name.
Full path to password file if using Basic authentication.
Full path to group file if using Basic authentication.
Full path to password file if using Digest authentication.
Full path to group file if using Digest authentication.
Requirements which must be met to grant access.
File_HtAccess provides method accessor methods with corresponding names
for each of these directives, such as getAuthType() and setAuthType().
A typical .htaccess file looks like this:
What is Basic authentication
When a client requests resource protected with basic authentication
webserver responds with a 401 Authentication Required header. When
client receives 401 header it asks the user for username and password.
If authentication succeeds, the protected resource will be sent to
the client. Otherwise the access will be denied.
What is Digest authentication
Even though the passwords are stored encrypted on serverside they are
sent cleartext between client and server when using Basic authentication.
With Digest authentication the passwords are never sent cleartext but as
a MD5 digest instead. The caveat is, most browsers do not support Digest