Question: How can I password protect directories?

Yes, you can password protect specific directories within your website. As such, visitors will be prompted for id and password to gain access to any web page within such a directory. This does NOT affect FTP access.

Please note that this method only works if the directory you're trying to protect is served exclusively by Apache. If you have jsp/servlet support with Resin, JBoss, or Tomcat, you will have to configure directory protection within your JVM configuration.

Say you want to password protect a URL like This URL might have a directory structure on our webservers/fileservers like /home1/u/username/public_html/members/ or /home2/u/username/public_html/members/. (contact support if you are unsure how to determine your home directory path.)

First we need to create what is called a password file. We can do this with the /usr/local/apache/bin/htpasswd command. To create your password file you simply type (on the shell command line.) /usr/local/apache/bin/htpasswd -c /home1/u/username/<password_file_name> <login_name>. In that command, password_file_name is the name of the file you want to have for your password file and login_name is the login name of the user you want to add to your password file.

The new website login name is independent of your SSH login name. Website access passwords are inherently weak so you should never use the same password for member or system accounts.

I might use something like /usr/local/apache/bin/htpasswd -c my_password_file admin

When I type that in it should ask me what password I would like for the login name admin.

Next we need to create a .htaccess (note the leading period.) file within the directory we want to protect. To do this I would change directories into the directory I want to protect with

cd /home1/u/username/public_html/members

Then I would open the file I want to create with a 'nano -w .htaccess'. This invokes the command line file editor.

Once the editor is open and you're editing the file, you want the file to read something like:

<Limit GET POST>
   order deny,allow
   deny from all
   allow from all
   order deny,allow
   deny from all

AuthName "Members Section"
AuthType Basic
AuthUserFile /home1/u/username/my_password_file
require valid-user

After you're finished editing the file, you can exit with <CTRL>-X, answer YES that you want to save it, and just push <ENTER> to verify the filename.

That should be it! If you go to your URL: it should now ask you to enter a user name and password! Just put in the login name and password you supplied when you created the password file, and it should let you in.



HtmlProgramming/how-can-i-password-protect-directories (last edited 2015-08-23 14:13:21 by wilhelms)