Password protect a web directory with .htaccess


Apache references the .htaccess file in web document directories for access control information and other uses. A simple configuration allows password protection with multiple username/password combinations.

In the directory to be protected, create a .htaccess file with contents like this:

AuthType Basic

AuthUserFile /safe/dir/htpasswd

AuthName “Text displayed in popup”

require valid-user

There are many other options for .htaccess, but these are basic password related options to get started. The AuthUserFile refers to a fully qualified file that should not be in the web server document directories. The htpasswd file can be named anything, there can be multiple files storing passwords for .htaccess, and each can be shared for use in multiple directories.

To create the first and second user/password pairs, use:

htpasswd -cb /safe/dir/htpasswd user1 password1

htpasswd -b /safe/dir/htpasswd user2 PaSsWoRd2

Additional user/password pairs can be added using the second form. Be certain to protect the htpasswd file.

Advertisements
Published in: on January 23, 2010 at 2:15 pm  Comments Off on Password protect a web directory with .htaccess  
%d bloggers like this: