Password protect a web directory with .htaccess

Apache references the .htaccess file in web document directories for access control information and other uses. A simple configuration allows password protection with multiple username/password combinations.


In the directory to be protected, create a .htaccess file with contents like this:

AuthType Basic
AuthUserFile /safe/dir/htpasswd
AuthName "Text displayed in popup"
require valid-user

There are many other options for .htaccess, but these are basic password related options to get started. The AuthUserFile refers to a fully qualified file that should not be in the web server document directories. The htpasswd file can be named anything, there can be multiple files storing passwords for .htaccess, and each can be shared for use in multiple directories.

To create the first and second user/password pairs, use:

htpasswd -cb /safe/dir/htpasswd user1 password1
htpasswd -b /safe/dir/htpasswd user2 PaSsWoRd2

Additional user/password pairs can be added using the second form. Be certain to protect the htpasswd file.

 

About Quinn McHenry

Quinn was one of the original co-founders of Tech-Recipes. He is currently crafting iOS applications as a senior developer at Small Planet Digital in Brooklyn, New York.
View more articles by Quinn McHenry

The Conversation

Follow the reactions below and share your own thoughts.

Leave a Reply