Home | All Questions | alt.html FAQ > Server-side basics

How do I password protect a directory?

The method you use for password protecting a directory depends on your server. If you are on *nix/apache, you can use basic authentication. This can be set up with or without telnet access.

There are two server-side ways of password protecting:


.htaccess method

If you want a single username and password for the site then you want the following:

  1. Make sure your Apache configuration (usually /etc/httpd/conf/httpd.conf) has the line: AccessFileName .htaccess
  2. Put a .htaccess file in the directory that contains the files and subdirectories you want protected containing:
    AuthName "Magic Website"
    AuthType Basic
    AuthUserFile /path/to/passwd        #(see below)
    Require valid-user
    
  3. Use htpasswd to create a passwd file (preferably in a non-web accessible directory): htpasswd -c /path/to/passwd username

    where username is the username you want to add a password for, e.g. htpasswd -c /path/to/passwd magic.

    (When adding further users, drop the '-c', and type 'htpasswd --help' or 'man htpasswd' for further help)

Recommended Resources

.htaccess

CGI methods

Discussion

Related Questions