Help: How Password-Protect a Folder

How Password-Protect a Folder

This document describes how to configure your webserver such that it requires a valid username and password for access to a folder.

How to Password-Protect a Folder - Apache Web Server

Step 1: Create a text file named .htaccess with the following content:

AuthType Basic
AuthName "Eden"
AuthGroupFile /dev/null
AuthUserFile /full/path/.htpasswd

<LIMIT GET POST PUT>
Require valid-user
</LIMIT>

where /full/path/ has been customized to the full absolute path to your folder.

The file just created will tell the Apache webserver (and variants thereof) to authenticate (ask for username and password) before a visitor can use the directory in which it resides.

Test Step 1: first, close all instances of your web browser. Then open a fresh instance and request this folder. You should be prompted for a username and password. If you are not prompted, stop now - something has gone wrong.

Don't worry about trying to enter usernames and passwords. We haven't defined those yet.

Step 2: define usernames and passwords. At the shell prompt, type:

htpasswd -c /full/path/.htpasswd adam

where "adam" is replaced with the username that you would like to use, and /full/path is the path to your folder. Your server will ask you for twice for a password. If you want to change it later, you can run the same command later without the "-c" attribute.

The set permissions such that the .htaccess and .htpasswd files are readable. The entire sequence is shown below, with user commands in blue:

./auth_test> htpasswd -c .htpasswd adam
Adding password for adam.
New password:
Re-type new password:
./auth_test> chmod 704 .htpasswd
./auth_test> ls -al
total 10
drwxr-xr-x  2 xav  users  512 Jan  5 14:48 .
drwxr-xr-x  3 xav  users  512 Jan  5 14:43 ..
-rwx---r-x  1 xav  users  170 Jan  5 14:46 .htaccess
-rwx---r--  1 xav  users   34 Jan  5 14:48 .htpasswd
-rwxr--r--  1 xav  users   25 Jan  5 14:45 HEADER
./auth_test>

Test Step 2: just request the folder and log in with your newly-defined usernames and passwords. You're done!

Additional reading: http://httpd.apache.org/docs/mod/mod_auth.html