Password protecting a directory on the web server

Password protecting a web directory can be a useful way to manage web content on a web server. It allows you to restrict access to files placed in a directory based on a username / password.

In order to password protect a directory on the BSCB web server - follow these basic steps:

Create a file called .htaccess within the directory you want to password protect.

[root@local_host ~]$ touch .htaccess

Edit the newly created .htaccess file and add the following lines:

AuthUserFile /your/directory/here/.htpasswd
AuthGroupFile /dev/null
AuthName "Secure Document"
AuthType Basic
require user username1
require user username2
require user username3

Note:

In the AuthUserFile line above - be sure to explicitly state the path to the location of the .htaccess file which is located within the directory you want to password protect. Also, be sure to specify an appropriate username(s) in the require user line(s) above. You need to have a minimum of one username and can has as many as you like.

Create a file called .htpasswd in the same directory as .htaccess

[root@local_host ~]$ htpasswd -c .htpasswd username1

You will be prompted to enter (and re-enter) a password for username1. In this case, a .htpasswd file will be created in the current directory and will contain an encrypted version of the password.

If you have multiple users, you must assign each of them a password as well. To add additional users, you don't create a new .htpasswd file, you simply append the existing .htpasswd file by leaving off the -c option

[root@local_host ~]$ htpasswd .htpasswd username2

The above statement can also be used to change the password on an existing username without creating a new .htpasswd file. If you use the -c option, the .htpasswd file is completely cleared before it is re-created with the last username and encrypted password.

Be sure to set the permissions on the .htaccess and .htpasswd files.

[root@local_host ~]$ chmod 644 .htaccess

[root@local_host ~]$ chmod 644 .htpasswd

Your directory is now password protected and any files located within that directory will now require an appropriate username / password before they can be accessed.

If you receive an "Internal Server Error" message when you try to access your page/directory, check for typing errors in your .htaccess file.

To unprotect the password protected directory, simply delete the .htaccess and the .htpasswd files.

[root@local_host ~]$rm .htaccess

[root@local_host ~]$rm .htpasswd

Additional Information

For more information, you can always consult the following man page(s):

  • man htpasswd
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How to Prevent a Directory Listing of Your Website with .htaccess

If you create a new directory (or folder) on your website, and do not put an "index.html" file in...

Common Regex used for Redirect Rules and SSL

Links to Popular Tools and References: Regex PalRegex Syntax Breakdown So what about the ^ and...