htaccess password protect website

My company wish to place a section of the intranet on our external server and only allow staff access.

They are happy with one password for all users which they will change every month so htaccess is probably a good option for this.

What they are worried about is security of this section, they are adamant they want it external so staff can access from anywhere but prevent it being hacked.

I've searched but not found an answer to htaccess password protection security. Could I ask some questions please?

1. Will htaccess password protection simply allow a user to brute force it or will it prevent access after say 3 failed tries?
2. Does it request the password on each visit, or can we use cookies to remember a user (expires 30 days)?
3. Is htaccess the best route for this or should I create a php login form?


RE: htaccess password protect website


Actually, "htaccess password protection" is called HTTP Authentication; you may find more relevant documentation under that name. There are actually two such authentication methods, basic and digest, but neither of them uses cookies. And as far as I know, there is no way to limit the authentication's validity, nor the maximum number of failed login attempts. HTTP authentication is handled by the browser: once the credential is entered, the browser will just send it with each request for basic, and each time the server requires it for the digest method.

HTTP authentication is great for protecting static content. Easy, cheap, includes authenticated user name in logs, successfully handled by download tools. But it may be too rigid for certain cases.
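Since the reply notes that the user name ends up in the server logs, failed tries can be counted from the access log. The script below is an added example, not part of the thread: the log lines are constructed, and the `staff` user name, the `/intranet/` path and the threshold of 3 (taken from the question) are assumptions.

```python
import re
from collections import Counter

# Apache common/combined log prefix: host ident user [time] "request" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?:[^"\\]|\\.)*" (?P<status>\d{3}) \S+'
)

def failed_auth_counts(lines):
    """Return a Counter of 401 responses per client that carried a user name."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("status") != "401":
            continue
        # A 401 with user "-" is the browser's first request, sent before any
        # credentials were entered: it is the challenge, not a wrong password.
        if m.group("user") == "-":
            continue
        counts[m.group("host")] += 1
    return counts

def suspects(lines, threshold=3):
    """Clients at or above the failed-attempt threshold, sorted."""
    counts = failed_auth_counts(lines)
    return sorted(host for host, n in counts.items() if n >= threshold)

# Constructed sample data (documentation IP ranges, hypothetical user "staff").
TS = "[10/Mar/2024:09:00:00 +0000]"

def _line(host, user, status):
    return f'{host} - {user} {TS} "GET /intranet/ HTTP/1.1" {status} 381'

SAMPLE_LOG = [
    _line("203.0.113.7", "-", 401),        # challenge, then a correct login
    _line("203.0.113.7", "staff", 200),
    _line("198.51.100.23", "-", 401),      # challenge, then four wrong passwords
    *([_line("198.51.100.23", "staff", 401)] * 4),
    _line("192.0.2.50", "staff", 401),     # one typo, then a correct login
    _line("192.0.2.50", "staff", 200),
]

if __name__ == "__main__":
    for host, n in failed_auth_counts(SAMPLE_LOG).most_common():
        print(host, n)
    print("over threshold:", suspects(SAMPLE_LOG))
```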

