htaccess Password Protection

Posted by ReniX on 12 September, 2007 - 351 reading
No comments yet
This item was filled under [ Web Server ]

Thanks for visiting! If you're new here, you may want to subscribe to my Rss Feed. This blog posts regular Internet news, updates for apps, security, ideas, hacks, quick fixes and everything about hi-tech. Go ahead, Subscribe to our Feed or Register for Free!

You can protect a specific directory with the . htaccess file by doing the following:

1. Create a new file called . htpasswd in the same way as we created the . htaccess file above.

2. The . htpasswd file uses the following format for storing username and passwords:
username:password

There must be no spaces on the line before username, either side of the colon or after the password text. If you want several people to have access to the protected space, with each having a different login, you can add as many username/password lines as you wish making sure each one is on a separate line.

username can be any text or name but should not contain any spaces.

password should not be entered as plain text because this file could be viewed.

Use the following link to get an encrypted version of your password: http://www.euronet.nl/~arnow/htpasswd , then use the encrypted version as the password for the username.

To simplify the process, a tool now exists that can create your . htpasswd file entries for you which you can then cut/paste into your own . htpasswd file: http://users.plus.net/htpasswd/

3. Now you need to add this to the . htaccess file. Note: the example given is for the www server, it is different for the CGI server which is explained later:

AuthUserFile /share/isp/plusnet/www/uu/username/htdocs/directory/. htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic

require valid-user

The first line is the full server path to your . htpasswd file and will be different for each webspace (note: the path should be entered on the same line as AuthUserFile). To get your correct path for AuthUserFile just replace uu with the first 2 chars of your username, username with your username and directory with the name of the folder/directory you want to password protect. The . htaccess and . htpasswd files should then be put in directory. Note: if you put the . htaccess and . htpasswd files in the root of your site (htdocs on www server), it will password protect the entire site and ask for a username/password each time someone visits so it is not recommended to protect that one. Just place it in the sub directory you want to protect.


You can replace the EnterPassword text of AuthName with whatever you like, this is what is displayed in the login box when you acces the protected area. If you wish the message to have spaces in it, enter it within quote marks, such as “Enter The Password”.

The above example shows the path to use for your www webspace. To find the path to use for your CGI server webspace do the following:

* use telnet (or similar app) to connect to your cgi server shell e.g. telnet plus.net
* Enter your cgi username & password to the login and password prompts
* At the shell prompt ($) enter pwd followed by the return key. This will show your current working directory which is the root of your cgi webspace.
* Use that information + the name of the directory/folder you want to protect as the path for the AuthUserFile line.

E.g.: /files/homeX/username/secret/. htpasswd where X could be 1, 2 or 3.

Once you have created your . htaccess and . htpasswd files and copied them to the directory/folder you want to protect you should test the folder protection via a browser. Enter the URL to the protected webspace (e.g. for www webspace if you put the files into a directory called protected, it may be something like http://www.username.plus.com/protected ). You should then be presented with a login screen where you must enter your username and password. If it works, entering a valid username/password will give you access to the folder, invalid username/password should not allow access to the folder.

If the above fails, check you have created the . htaccess and . htpasswd files correctly and that you have copied them to the correct place. If you used FTP to copy the files to your webspace (www or cgi) make sure you transfered them as text and they have gone into the correct folder. Or ftp them as htaccess . txt and htpasswd . txt and rename them to . htaccess and . htpasswd.

Original Post

Popularity: 351 reading
Tagged with: [ , , , ]
If you like this entry, consider bookmarking or help us promote it. Thank You!
Interesting Articles:

Related post to "htaccess Password Protection"

  • htaccess Password Protection
    Securing Your Computer System

    Today, more and more people are using their computers for everything from communication to online banking and investing to shopping. As we do...


  • Giveaway of the Day - SecureDNA 2007

    Bildsoft SecureDNA 2007 is the new fast and easy encryption suite developed by Bildsoft, which provides high-level protection for every PC...


  • htaccess Password Protection
    1 Million views?

    video by The web-site is Down.


  • Password Bird - Password Generator

    Password Bird is another web 2.0 apps where you can generate you password with the combinations of Your name, Your special Word, and any special...


  • A new version for VLC media player

    VLC media player - the cross-platform media player and streaming server VLC media player is a highly portable multimedia player for various...


  • Wordpress 2.5 Demo Site

    Chris Johnston has announced the availability of a public WordPress 2.5 demo site. You can Login with: The username is admin and the password...


  • Creating Password Protected PDFs

    This guide will help you how to add a password to PDF files. We are using a free software to convert files to PDF. Just download and use Primo...


You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Comment

« Preventing hot linking of images
Free Download Windows Live Messenger 8.5 Beta 2 »