How to Password-Protect a Folder

This document describes how to configure your webserver such that it requires a valid username and password for access to a folder.

This document does not describe how to password-protect a folder on your local computer. If that is what you are trying to do, please try a different manual.

Please contact Fluid Dynamics with comments or questions about this material.


How to Password-Protect a Folder - Apache Web Server

These instructions apply to the Apache web server only. You will need telnet or ssh access to complete these steps. If you don't have that level of access, stop now.

Step 1: Create a text file named .htaccess with the following content:

AuthType Basic
AuthName "Eden"
AuthGroupFile /dev/null
AuthUserFile /full/path/.htpasswd

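# Apply the login requirement to every HTTP method. Wrapping this line in
# <LIMIT GET POST PUT> would leave all other methods unauthenticated.
require valid-user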

where /full/path/ has been customized to the full absolute path to your folder.

The file just created will tell the Apache webserver (and variants thereof) to authenticate (ask for username and password) before a visitor can use the directory in which it resides.

Test Step 1: first, close all instances of your web browser. Then open a fresh instance and request this folder. You should be prompted for a username and password. If you are not prompted, stop now - something has gone wrong.

Don't worry about trying to enter usernames and passwords. We haven't defined those yet.

Step 2: define usernames and passwords. At the shell prompt, type:

htpasswd -c /full/path/.htpasswd adam

where "adam" is replaced with the username that you would like to use, and /full/path is the path to your folder. Your server will ask you twice for a password. If you want to change it later, you can run the same command without the "-c" option, which creates a new password file.

Then set permissions such that the .htaccess and .htpasswd files are readable by the web server:

./auth_test> chmod 755 .htaccess
./auth_test> ls -al
total 8
drwxr-xr-x  2 xav  users  512 Jan  5 14:46 .
drwxr-xr-x  3 xav  users  512 Jan  5 14:43 ..
-rwxr-xr-x  1 xav  users  170 Jan  5 14:46 .htaccess
-rwxr--r--  1 xav  users   25 Jan  5 14:45 HEADER
./auth_test> htpasswd -c .htpasswd adam
Adding password for adam.
New password:
Re-type new password:
./auth_test> chmod 755 .htpasswd
./auth_test> ls -al
total 10
drwxr-xr-x  2 xav  users  512 Jan  5 14:48 .
drwxr-xr-x  3 xav  users  512 Jan  5 14:43 ..
-rwxr-xr-x  1 xav  users  170 Jan  5 14:46 .htaccess
-rwxr-xr-x  1 xav  users   34 Jan  5 14:48 .htpasswd
-rwxr--r--  1 xav  users   25 Jan  5 14:45 HEADER
./auth_test>

Test Step 2: just request the folder and log in with your newly-defined usernames and passwords. You're done!
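
As an added example (not part of the original page), the shell function below audits a folder set up with these steps: it checks that the authentication directives are present, flags a require line wrapped in a <Limit> block (which enforces the login only for the listed methods), and checks the password file's permissions and hash formats. The function names, finding labels and sample files are constructed for illustration, and it assumes an unquoted AuthUserFile path without spaces.

```shell
#!/bin/sh
# Added example, not from the original page. Prints one finding per line.
audit_htaccess() {
    ht="$1/.htaccess"; pw=""; inlimit=0; scope=""
    if [ ! -r "$ht" ]; then echo "missing: $ht"; return 0; fi
    # Directives that Basic authentication needs.
    for d in AuthType AuthName AuthUserFile Require; do
        grep -qi "^[[:space:]]*${d}[[:space:]]" "$ht" || echo "no-directive: $d"
    done
    while IFS= read -r line || [ -n "$line" ]; do
        l=$(printf '%s\n' "$line" | tr 'A-Z\t' 'a-z ' | sed 's/^ *//')
        case $l in
            '<limit '*)       inlimit=1; scope=$line ;;
            '</limit>'*)      inlimit=0 ;;
            'authuserfile '*) pw=$(printf '%s\n' "$line" | awk '{ print $2 }') ;;
            'require '*)
                # Inside <Limit>, the rule covers only the listed methods.
                if [ "$inlimit" -eq 1 ]; then echo "limit-scoped-require: $scope"; fi ;;
        esac
    done < "$ht"
    if [ -z "$pw" ]; then return 0; fi
    if [ ! -f "$pw" ]; then echo "missing-userfile: $pw"; return 0; fi
    # The credential file must not be writable by group or other.
    if [ -n "$(find "$pw" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "writable-userfile: $pw"
    fi
    # Flag entries stored as unsalted {SHA}, traditional crypt() or plaintext.
    while IFS=: read -r user hash || [ -n "$user" ]; do
        case $hash in
            '$'*) ;;  # salted modular formats such as $apr1$ or $2y$
            *) if [ -n "$user" ]; then echo "weak-hash: $user"; fi ;;
        esac
    done < "$pw"
    return 0
}

# Constructed sample: require wrapped in <LIMIT>, plus a made-up .htpasswd entry.
make_sample() {
    mkdir -p "$1"
    printf '%s\n' 'AuthType Basic' 'AuthName "Eden"' 'AuthGroupFile /dev/null' \
        "AuthUserFile $1/.htpasswd" '<LIMIT GET POST PUT>' 'require valid-user' \
        '</LIMIT>' > "$1/.htaccess"
    printf 'adam:$apr1$constructed$notARealHashValue00000\n' > "$1/.htpasswd"
    chmod 644 "$1/.htaccess" "$1/.htpasswd"
}

sample=$(mktemp -d) && make_sample "$sample" && audit_htaccess "$sample"
rm -rf "$sample"
```

Run against your own folder with audit_htaccess /full/path; no output means none of these checks fired.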

Here is a sample .htaccess file and a sample .htpasswd file. You can authenticate against the protected sample directory auth_test with username "adam" and password "password".

Some Apache servers have been configured to not allow password-locking of directories. If you follow the instructions above, but still can't get it to work, then this may be the case on your server. If so, contact your system administrator and request that they enable mod_auth.

See also: http://httpd.apache.org/docs/mod/mod_auth.html