Those who like sausages should not see how they are made -- Anonymous
When you are in the midst of developing a web site, you often do not want anyone to see it while it is work in progress. Things are often broken, look ugly, ...etc.
Keeping humans off is not the only reason as well: you also need to keep out search engine crawlers, comment spam bots, email harvesters, Internet Archiver, ...etc.
At the same time, you want specific people to be able to access the site, such as the theme designer, fellow developers, someone from the client's company, ...etc.
So here is a step by step guide on how to do that.
These instructions apply to Drupal and non-Drupal installation alike, as long as you are using the Apache web server. The instructions apply mostly to a UNIX/Linux system from the shell command line (e.g. via ssh to your web host server).
Create the password file
You need to create a password file. This password file must be created with the htpasswd command. Make sure you are in the directory that Drupal is installed (the same directory that has the index.php and .htaccess files).
To use this command, you must say:
htpasswd -c .htpasswd user1
The -c option creates the file for the first time. guest is the ID you will enter the password for.
You will be prompted for a password. Pick one that has both letters and numbers in it.
Modify the .htaccess file
Next, in the .htaccess file, add the following lines.
AuthType Basic
AuthName "Company XYZ Test Server"
AuthUserFile .htpasswd
Require valid-user
The AuthName will appear in the popup window in the browser when the user is prompted for a user name and password.
The AuthUserFile points to the file you created in the previous step.
Now you can pass on the user name and password to the client or others who need to see the site while it is under development.
Further reading
More information can be found in the Apache documentation page on Authentication, Authorization and Access Control.
Comments
Ramdak (not verified)
robots.txt
Thu, 2005/09/15 - 03:14Hello Khalid,
This is useful, but adding some info about robots.txt might make it even more so? When I was working on my test sites, I noticed google, msn and other bots (including some nasties) crawling them and it stopped only after I added that file.
Also, one thing that wasn't clear to me was how people will be able to access the content of a dev site unless anonymous access is turned on. Or, am I confusing something else?
Thanks,
Ramdak
Boris Mann (not verified)
Or just use securesite
Mon, 2005/09/19 - 17:24Or, just enable the securesite module, and you can manage access directly through your Drupal site.
moshe Weitzman (not verified)
thanks for the writeup ...
Tue, 2005/09/20 - 23:31thanks for the writeup ... an even more drupalish solution is to use securesite.module from contrib
Ber (not verified)
securesite.module
Fri, 2005/09/23 - 07:30Your system works very fine, but can require a lot of administrative overhead.
"hi ber, i wanted to add some content, but I lost my password, could you please send it to me again. And could you please not make such hard to remember passwords, please rather use my firstname". Sigh. using one user, 'devel' with password 'pwd' or so works fine for hiding from crawlers etc, yet is insecure.
I recently found out about securesite.module. Just install and configure that, and it works like a breeze!
Boris Mann (not verified)
Or just use the securesite module
Fri, 2005/10/07 - 03:11Or just use the securesite module.