Password protecting a directory with Apache and .htaccess

The Apache web server can read .htaccess files located anywhere in your document root to perform different tasks and control settings without changing the configuration files. This may be useful where you don’t have access to change the configuration files or don’t want to mangle with the configuration files to perform easy tasks. In this tutorial we’re going to password protect a single directory on your web site.

First we’ll need to create a file containing users and passwords:

htpasswd -c /etc/apache2/.htpasswd user1
htpasswd /etc/apache2/.htpasswd user2

You can store the password file anywhere you like but I chose to store it where the Apache configuration files are located.

Now create a .htaccess file in the folder you wish to protect (pico /var/www/secret/.htaccess)

AuthType Basic
AuthUserFile /etc/apache2/.htpasswd
AuthName "Enter password"
Require valid-user

Make sure Apache allows .htaccess to override settings. Add these lines into your virtual host configuration and change the directory to your document root (pico /etc/apache2/sites-enabled/000-default):

<Directory /var/www/>
 AllowOverride All

The AllowOverride setting may already be in your virtual host configuration. Make sure it is set to All.

If you changed the AllowOverride setting, restart Apache:

/etc/init.d/apache2 restart

The directory should now be password protected.

If you are getting server errors, make sure the Apache user has permission to read both the .htaccess file and .htpasswd.

chmod 755 /var/www/secret/.htaccess
chmod 755 /etc/apache2/.htpasswd
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Installing Postfix with MySql backend and TLS

In this tutorial we’ll install a ready to use Postfix mail server with MySql backend for virtual...

Installing ionCube

ionCube protects software written using the PHP programming language from being viewed,...

Installing PowerDNS on etch/lenny

The PowerDNS Nameserver is a modern, advanced and high performance authoritative-only nameserver....

Installing Zenoss monitoring system

Zenoss is an award-winning open source IT monitoring product that effectively manages the...

Upgrade from etch to lenny

Debian has released a stable version of Debian 5.0 (lenny). If you’re running previous version of...

Powered by WHMCompleteSolution