Archive for May, 2011

Howto: Securing a folder with apache’s built in htaccess options

Tuesday, May 24th, 2011

If your web site is running on Apache, and almost all are, there’s a simple way to protect directories on your web server. This method can be very secure, when combined with HTTPS and some good practices on your part, but it can also be a simple way to limit access to just a few people who know a password – perhaps as an alternative to Facebook sharing.

The feature being used is Apache’s HTTP Basic Authentication module. Apache has their own How-To at their web site, but here are the basics:

You need to add two files to your web server, and it helps if you have access to a terminal/command prompt.

Here are two key files and their their contents.

#Force HTTPS
#RewriteEngine On
#RewriteCond %{HTTPS} !=on
#RewriteRule ^(.*) %{HTTP_HOST}%{REQUEST_URI} [R,L]

AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
# Needs full unix file address, output of pwd command
AuthUserFile /var/www/html/examples/guest_w_pass/.htpasswd
Require valid-user

These are basic .htaccess directives, that most web servers should allow. The first segment is to force the use of HTTPS, you might want uncomment that if HTTPS is important to your application. The second section turns on basic authentication and directs the web server to where to get the password file – you can put the password file anywhere your web server can access it and it does not have to be in the same folder as the .htaccess file. You are responsible for finding the full unix path to the file, either from the pwd command or the “Get Info” option inside a file browser.



This file is the results of the command htpasswd -sc .htpasswd guest. The s after the – is for SHA-based password hashing and the c after the – is for create. The file can be added to or updated with the command htpasswd .htpasswd username. Run the command htpasswd --help for more information.

Results Canadians Have Been Waiting For

Monday, May 2nd, 2011

Here are the results you’ve been waiting for: the results of tracking of the Roll Up The Win Campaign from a large Canadian Coffee and Donut chain. collected tweets with the hastag #rolluptherim and extracted ratios and recorded them.

The site really took off when it started tweeting back with the Twitter account . The site automated the awarding and notification of “badges” for different items like drinking more than one “rim” a day, or tweeting about it more than once a day. Of course the best and worst record holders were notified. I was also contacted by the author of the Facebook App “My Rollups” to compare notes – looks like Facebook users are a little luckier.

Here they are, as unscientifically tracked on Twitter, in 2011 there were:

  • 21552 rims
  • 4181 wins
  • 17439 losses
  • 13007 tweets
  • 5853 Total tweet’ers

Here’s a Wordle of the top 150 words tweeted with the hastag #rolluptherim (without that tag)

Here’s looking forward to next year!