Password protecting a web directory can be a useful way to manage web content on a web server. It allows you to restrict access to files placed in a directory based on a username / password.
In order to password protect a directory on the BSCB web server - follow these basic steps:
Create a file called .htaccess within the directory you want to password protect.
[root@local_host ~]$ touch .htaccess
Edit the newly created .htaccess file and add the following lines:
AuthName "Secure Document"
require user username1
require user username2
require user username3
In the AuthUserFile line above - be sure to explicitly state the path to the location of the .htaccess file which is located within the directory you want to password protect. Also, be sure to specify an appropriate username(s) in the require user line(s) above. You need to have a minimum of one username and can has as many as you like.
Create a file called .htpasswd in the same directory as .htaccess
[root@local_host ~]$ htpasswd -c .htpasswd username1
You will be prompted to enter (and re-enter) a password for username1. In this case, a .htpasswd file will be created in the current directory and will contain an encrypted version of the password.
If you have multiple users, you must assign each of them a password as well. To add additional users, you don't create a new .htpasswd file, you simply append the existing .htpasswd file by leaving off the -c option
[root@local_host ~]$ htpasswd .htpasswd username2
The above statement can also be used to change the password on an existing username without creating a new .htpasswd file. If you use the -c option, the .htpasswd file is completely cleared before it is re-created with the last username and encrypted password.
Be sure to set the permissions on the .htaccess and .htpasswd files.
[root@local_host ~]$ chmod 644 .htaccess
[root@local_host ~]$ chmod 644 .htpasswd
Your directory is now password protected and any files located within that directory will now require an appropriate username / password before they can be accessed.
If you receive an "Internal Server Error" message when you try to access your page/directory, check for typing errors in your .htaccess file.
To unprotect the password protected directory, simply delete the .htaccess and the .htpasswd files.
[root@local_host ~]$rm .htaccess
[root@local_host ~]$rm .htpasswd
For more information, you can always consult the following man page(s):
- man htpasswd