Password Protecting Your Directories

Alright, so you need to password protect some directories on your server to keep unwanted eyes off your private pages. Sounds like you need web-based authentication using .htaccess files. This Apache Webserver feature allows webmasters to restrict access to certain directories. The usernames and encrypted passwords are kept in a webmaster-maintained file.

Alright, here are a few things this tutorial suggests:

  • Telnet access to your virtual domain or server.
  • Some basic UNIX command knowledge. Such as editing files (with pico or vi) and navigating through the file system and directories (cd, mkdir, etc.)
  • Half a brain and a little common sense (cant hurt).

Ok, lets start with what your .htaccess file should look like, then well pick it apart.

AuthType Basic
AuthUserFile /home/web/path/to/foo/.htpasswd
AuthName "My Private Pages"
satisfy any
require valid-user
deny from all

Ok, so heres the breakdown...

Short for authentication type, required for using passwords. Just leave this line as "AuthType Basic".

This tells the server where to find your username/password file. Set it to the path where your .htpasswd file will be stored.

This will be the name of the realm you are protecting (i.e. Members Area, Private Pages). When the user is prompted to enter a username and password, this title will appear.

The rest of the lines, for our intents and purposes, will be left as is. This is just a basic tutorial and we dont want to drive ourselves crazy.

Next we need to setup the .htpasswd file. This file will store all usernames and encrypted passwords. This is the file in which the "AuthUserFile" line in our .htaccess file defines the path to. You can setup this file in any directory (assuming permissions are set accordingly) on your server. Ok, so at the telnet prompt type:

htpasswd -c .htpasswd username (where username is, well...)

Note: The -c switch is only used when creating the file.

You will then be prompted to enter a password for the username you just setup. Easy enough! When you want to add more usernames to the file just use to same command but without the -c switch:

htpasswd .htpasswd John

If you want to delete usernames, just open your .htpasswd file in a text editor and remove the appropriate lines.

Security Note: You may want to rename your .htpasswd file to something like .htmypasswords, or something else so that others cant find this file. Also for further security you may not want to keep this file in the same directory as your .htaccess file. Just make sure you change the path that "AuthUserFile" defines.

Alright, well thats the end of my .htaccess tutorial. Keep in mind that this is just one basic way to setup your .htaccess file. The .htaccess file also has other uses, such as customizing error pages (such as 404). For more comprehensive documentation on this topic visit Apaches website.

Reader Comments: (1 posts)

Gustavo says:
It's appropriate time to make some plans for the fuurte and it is time to be happy. I have read this post and if I could I desire to suggest you few interesting things or tips. Perhaps you can write next articles referring to this article. I want to read more things about it!
June 11th, 2012
at 6:02pm EST
Rating StarRating StarRating StarRating Star


Post Your Comments

WARNING: Any comments you post are solely your responsibility. accepts no responsibility or liability whatsoever in connection with or arising from such content. Defamatory, derogatory, or other comments that we feel should be removed will, at our own discretion and ours alone.