Quick and Easy Apache Password Protection

Here is a quick and easy HOWTO for setting up .htaccess password protection on web-accessable directories. It’s really easy, but it’s always nice to have the syntax right at your fingertips.

First, find your way into the directory you want to protect.

% cd /path/to/secure/directory

Next, create a file in this directory called “.htaccess” and insert the following lines:

AuthUserFile /path/to/secure/directory/.htpasswd
AuthGroupFile /dev/null
AuthName "Secure Document"
AuthType Basic

require user username

Remember to change “/path/to/secure/directory” to your path, and “username” to the the username you want. You can use any username you wish, and it does not need to exist as a UNIX user.

Now we can create the username and password. The following command does this by creating a file called “.htpasswd” with the username and encrypted password inside.

% /path/to/apache/install/bin/htpasswd -c .htpasswd username

Again, remember to change “username” to the username you have chosen, and enter the password twice when prompted.

Finally, we just have to make sure these two files are readable, and we are all done.

% chmod 755 .htaccess
% chmod 755 .htpasswd

This directory and all subdirectories will now prompt for this username and password whenever they are browsed to.

4 thoughts on “Quick and Easy Apache Password Protection

  1. Thanks!

    When I first did this, got a “server misconfiguration” error. Double checked my .htacess file and apache didn’t like the quotes around “Secure Document” I had copied from your post. I had to change them to regular ASCI quotes.

  2. Pingback: Upgrade and Secure WordPress, Don’t Wait for Heart Surgery | American Butifarra

Leave a Reply