Tuesday, March 1, 2011

Windows Authentication - Hiding URL's from search engines and users

Hi,

If you want to put windows authentication to your website, it can be achieved by simply using 2 files. One is the .htaccess and the other is the .htpasswd. The idea of using this is to prevent certain sections of your website to be accessed by the end user or from being crawled by search engines. For example, if you have a admin in a separate folder but in the same root directory of the site, then obviously you do no want your admin pages to get indexed by search engine. This is when windows authentication comes in play.

Whenever search engines try to crawl your website and finds a windows authentication to a page, the URL does not get indexed. And even if by chance any user gets to know such an URL, they cannot see the page unless they have entered the correct credentials. I am using localhost for this demonstration. Here is how an authentication box looks like:


Here is how you can achieve this. Create or modify your .htaccess file and add in the following:




AuthType Basic
AuthName "FORBIDDEN AREA"
AuthUserfile "../htdocs/forbidden/.htpasswd"
Require valid-user

Create another file .htpasswd, with the user id and password as follows:

user:pass
user2:pass2

The absolute path of . htpasswd file needs to be given in:
AuthUserfile "../htdocs/forbidden/.htpasswd"

Now in my . htpasswd I have created two users: user/pass and user2/pass2

That's it. Best of luck.

No comments:

Post a Comment