UnixServerAdmin

Server Administration & Management

How to password protect a directory through .htacess file

There are two files you need to create that work together to make a folder password protected on a Linux hosted website.

In the folder that you need to protect, you need to place a file called .htaccess which contains instructions for the webserver to make that folder protected.

In the top level of your site you need to place a file called .htpasswd. The top level of your site is the same directory that your www and cgi-bin directories sit in. This file contains the usernames and their respective encrypted passwords, stored one per line.

Note, the dot at the beginning of .htaccess and .htpasswd signify a hidden file on the Linux server, your FTP program may not always be able to see or deal with them. We recommend you follow these steps carefully.

1. Enter the username you want to use for the password protected folder.
2. Enter the cleartext password you want to use for that user on the password protected folder.
3. Click Submit.
Folder username:
Folder password:

.htpasswd
1. In a text editor, create a file called htpasswd.txt.
2. Copy and paste this text into the file. If you need multiple users and passwords, repeat the above submit and paste each entry in, one per line.
3. Save the file.
4. FTP into your web area.
5. Ensure you are in the top level directory of your site (ie, above the www directory.)
6. Upload htpasswd.txt.
7. Rename the file to .htpasswd

.htaccess
1. In a text editor, create a file called htaccess.txt.
2. Copy and paste this text into the file.
3. Save the file.
4. FTP into your web area.
5. Ensure you are in the directory that you wish to password protect.
6. Upload htaccess.txt.
7. Rename htaccess.txt to .htaccess

Notes
1. The . infront of files on linux servers specifies that it is a hidden file so you may not see it after you rename it.
2. As soon as your rename htaccess.txt to .htaccess, it will start attempting to password protect that directory.
3. The directives inside a .htaccess file will take effect for the directory you upload it to and any of it’s subdirectories. If the .htaccess file is in your www directory, it’s directives will apply across your entire site.
4. When you are testing the password protection, it is common for .htaccess details to be cached by your browser. If it is not working as expected, close the browser and use a new one to test again.
5. Visit httpd.apache.org for more info on htaccess.

Advertisements

June 8, 2011 Posted by | Apache, htaccess | , , | 3 Comments