Bibek Paudel’s weblog

Q. Why am I writing this post and why you might benefit reading this, even if you are a non-technical person?

With Nepal Telecom now providing public IP addresses to its ADSL customers, almost all Internet users in Nepal (well, at least in Kathmandu) now have a public IPs assigned to their home computers. Private ISPs had been assigning public IPs before Nepal Telecom joined in. The good thing is that it allows people to access their computers from anywhere. The bad thing is that if people aren’t careful enough, bad guys might do bad things because they also can access those computers.

IP addresses and Dynamic DNS services
“IP addresses” are the numerical names each computer connected to a network (like Internet) is assigned with. Computers call each other by these names. Names like “google.com” or “wordpress.com” are only for human convenience. Such names are called domain names. When you type such addresses, the computers convert them to those numeric codes (called IP addresses) to find the right computer for you. You’d be wondering how a computer does this conversion and if it’s possible for every computer to do that for every domain that exists on the internet. Well, there’s a mechanism that governs this conversion and it is called Domain Name Systems (DNS). There are many DNS servers that keep a record of IP addresses and the domain names they belong to. Your computer queries these servers to correctly determine the address of the computer you wish to connect to.

ISPs in Nepal provide dynamic public IP addresses to you (home users). That means the IP addresses change with time. So, a domain name can’t be assigned to a fixed IP address because that’ll change after sometime. You can, however use a service called Dynamic DNS. Some popular services like DynDNS, NO-IP and TZO provide dynamic DNS service for free. After signing up with such service and configuring your computer (or router) to work with it, you can access your computer from anywhere using fancy names the service allows you to choose from.

.htaccess
After configuring the dynamic DNS service, you can run any server on your computer. I am going to talk about the Apache web server that allows you to access files (in certain specified directory(s)) in your computer from elsewhere. In GNU/Linux systems, the location /var/www/ is the default place from where files are accessed. Using the configuration file named .htaccess, you can do many things like password protecting the files and folders.

Procedure
These instructions are for a Debian based GNU/Linux system (that includes Ubuntu). Let’s suppose /var/www/files/ is the directory you wan’t to password-protect. Create a file named .htaccess inside that directory and enter the following text in the file:

AuthName "Protected Area"
AuthType Basic
AuthUserFile /etc/apache2/.htpassword
require valid-user


You can change he AuthName and AuthUserFile as per your requirements. It is a good practice to place the password file somewhere so that it can’t be accessed via the web. The AuthUserFile specifies the location of the password file. To create the password file (and username bibek in the following example), enter the following command (with proper permissions):

htpasswd -c /etc/apache2/.htpassword bibek


You can assign passwords to more than one users. For subsequent users, the option -c in the above command isn’t required.

Now, change the line AllowOverride None to AllowOverride All in the section of the file /etc/apache2/sites-available/default and restart the web server.

You should be asked for a username and password if you try to browse the directory.

Notes:

1. Please note that .htaccess files at lower level override those at higher levels. For example, if you have a .htaccess file at /var/www/files and /var/www/files/afile/ , then the .htaccess of afile will override that of files for that directory.
2. In case of server errors, make sure your password file has the right ownership and permissions. Apache generally runs under the user and group www-data. The recommended permissions for the file are 0644.

Hope that helps.