Symphony.

Does anybody with more advanced .htaccess skills than me know how to password protect a certain page of a site? I don't want to protect the whole site, only one single page. As Symphony uses "virtual pages" I don't have an actual folder to protect.

Any help appreciated.

Couldn't you do this with Events?

Maybe I have to explain my goal a little more detailed:

I have a blog that is separated into a public and a private area. The private part is protected by a password which I handle with a modified version of the session cookie monster. So for this I have no need of a .htaccess password protection.

But there are RSS feeds two. The one with the private blog entries should only be readable for trusted visitors. As it's possible to specify login details in the feedreader my idea was to protect the feed with a .htaccess. If it could be done with an event it would be great - but I don't know how / in which way this could be done ...

sure you found basics and some tools, but indeed I am clueless too on how to integrate this (modrewrite apache level pw protect for RSS, or even for pages)…

Hi Nils, this should be possible using the FilesMatch directive in your main .htaccess file like so:

<FilesMatch "name-of-rss-page$">
    AuthName "Secret Blog"
    AuthType Basic
    AuthUserFile /server/path/to/password/file/.htpasswd
    Require User SecretBlogUser
</FilesMatch>

Your .htpasswd file must contain the password hash for the requried user, of course. If you have a shell (like the Mac OS X Terminal), you can generate this by typing:

htpasswd -n SecretBlogUser

You will be prompted for the password twice, then the result you need will be output directly in the Shell (to stdout, to be precise).

And when using google reader, or other newsclients, the PW request doesn’t pose any problems?

The RSS client must be able to use authentication. I am using Vienna on my Mac, and it does support this. I am not sure about clients like Google Reader.

I did some experimenting in the meantime, and actually the tricky part is getting the files expression right. If you have a page URL like

http://example.com/service/news/rss/

I actually got it working using

<FilesMatch "service$">

but this means that evrything starting with “service” will be protected. So protecting the feed only will require some more research on the web. But I hope it’s a start.

Has anyone got a example .htaccess they can post to demo this? I need to protect 1 page of a site, keep breaking the .htaccess and getting server errors.

Thanks, Andy

Add the following to your .htaccess file:

AuthType basic
AuthName "Your site/page name"
AuthUserFile /etc/.htpasswd
<Files "your-page/">
  require valid-user
</Files>

Where “Your site/page name” is the text that you want to be displayed in the password popup on load, “/etc/.htpasswd” is the location of your .htpasswd file and “your-page/” is the URL of the page you want locked down.

You can generate a .htpasswd file here: http://www.htaccesstools.com/htpasswd-generator/

Thanks Joseph, all working. Had a stupid moment with the path to .htpasswd on my Windows machine.

Just in case you have problems finding the correct server path, simply use this tool: Tool

It just saved me a few minutes work...

I can get this to work for static files that exist within the root of my Symphony install, but I'm having a trouble getting the .htaccess authorization to work for pages dynamically generated through Symphony.

I've tried using the page name URLs for the page in question, and query string "index.php?=symphony-page=pagename" style as well and neither worked for me.

Is there a special trick to getting the Files directive to apply to dynamic pages?

I am facing the same issue. I want something like this:

ErrorDocument 401 /is/htdocs/wp17369263_ZAJ2Q5K2V8/www/workspace/pages/not-authorized.xsl

...for people entering the wrong password.

But of course this isn't working.