How Password-Protect a Folder
This document describes how to configure your webserver such that it requires a valid username and password for access to a folder.
This document does not describe how to password-protect a folder on your local computer. If that is what you are trying to do, please try a different manual.
Please contact Fluid Dynamics with comments or questions about this material.
How to Password-Protect a Folder - Apache Web Server
These instructions apply to the Apache web server only. You will need telnet or ssh access to complete these steps. If you don't have that level of access, stop now.
Step 1: Create a text file named .htaccess with the following content:
AuthType Basic AuthName "Eden" AuthGroupFile /dev/null AuthUserFile /full/path/.htpasswd <LIMIT GET POST PUT> require valid-user </LIMIT>
where /full/path/ has been customized to the full absolute path to your folder.
The file just created will tell the Apache webserver (and variants thereof) to authenticate (ask for username and password) before a visitor can use the directory in which it resides.
Test Step 1: first, close all instances of your web browser. Then open a fresh instance and request this folder. You should be prompted for a username and password. If you are not prompted, stop now - something has gone wrong.
Don't worry about trying to enter usernames and passwords. We haven't defined those yet.
Step 2: define usernames and passwords. At the shell prompt, type:
htpasswd -c /full/path/.htpasswd adam
where "adam" is replaced with the username that you would like to use, and /full/path is the path to your folder. Your server will ask you for twice for a password. If you want to change it later, you can run the same command later without the "-c" attribute.
The set permissions such that the .htaccess and .htpasswd files are readable:
./auth_test> chmod 755 .htaccess ./auth_test> ls -al total 8 drwxr-xr-x 2 xav users 512 Jan 5 14:46 . drwxr-xr-x 3 xav users 512 Jan 5 14:43 .. -rwxr-xr-x 1 xav users 170 Jan 5 14:46 .htaccess -rwxr--r-- 1 xav users 25 Jan 5 14:45 HEADER ./auth_test> htpasswd -c .htpasswd adam Adding password for adam. New password: Re-type new password: ./auth_test> chmod 755 .htpasswd ./auth_test> ls -al total 10 drwxr-xr-x 2 xav users 512 Jan 5 14:48 . drwxr-xr-x 3 xav users 512 Jan 5 14:43 .. -rwxr-xr-x 1 xav users 170 Jan 5 14:46 .htaccess -rwxr-xr-x 1 xav users 34 Jan 5 14:48 .htpasswd -rwxr--r-- 1 xav users 25 Jan 5 14:45 HEADER ./auth_test>
Test Step 2: just request the folder and log in with your newly-defined usernames and passwords. You're done!
Some Apache servers have been configured to not allow password-locking of directories. If you follow the instructions above, but still can't get it to work, then this may be the case on your server. If so, contact your system administrator and request that they enable mod_auth.