Here is a quick and easy HOWTO for setting up .htaccess password protection on web-accessable directories. It’s really easy, but it’s always nice to have the syntax right at your fingertips.
First, find your way into the directory you want to protect.
% cd /path/to/secure/directory
Next, create a file in this directory called “.htaccess” and insert the following lines:
AuthUserFile /path/to/secure/directory/.htpasswd
AuthGroupFile /dev/null
AuthName "Secure Document"
AuthType Basic
<LIMIT GET PUT POST>
require user username
</LIMIT>
Remember to change “/path/to/secure/directory” to your path, and “username” to the the username you want. You can use any username you wish, and it does not need to exist as a UNIX user.
Now we can create the username and password. The following command does this by creating a file called “.htpasswd” with the username and encrypted password inside.
% /path/to/apache/install/bin/htpasswd -c .htpasswd username
Again, remember to change “username” to the username you have chosen, and enter the password twice when prompted.
Finally, we just have to make sure these two files are readable, and we are all done.
% chmod 755 .htaccess
% chmod 755 .htpasswd
This directory and all subdirectories will now prompt for this username and password whenever they are browsed to.
This is a very concise and well written article.
You might consider contributing it to The Tech FAQ as a standard Q&A.
Thanks!
When I first did this, got a “server misconfiguration” error. Double checked my .htacess file and apache didn’t like the quotes around “Secure Document” I had copied from your post. I had to change them to regular ASCI quotes.
Pingback: Upgrade and Secure WordPress, Don’t Wait for Heart Surgery | American Butifarra
Thanks, easy and quick!
Much better than the official apache docs.