My Web Hosting Manual

Main Menu
Home > .htaccess > Password Protect Directories

Password Protect Directories

Aside from the redirection of error codes, the password protection and authentication systems offered by the Apache Web Server is probably the most used .htaccess feature. It's very easy to implement a requirement od a name and password to a directory or directories if you wish to do so. This will cause that little window asking for your login name and login password.

First you should decide which directory (everything under it will also be blocked), and in that directory create the .htaccess file with the following information:

AuthName "Member's Area Name"
AuthUserFile /path/to/password/file/.htpasswd
AuthType Basic
require valid-user

Just so you understand what you're doing, we will try to explain it line by line.

  1. On the first one it says that the directory is called (not really a directory name, just a zone within your website, like "My Secret Spot"). This name will show up on the pop-up window prompting user name and password.
  2. The second line specifies the location of the password file (which can have any name you like). If at all possible, it should be away from web root. A place where you can't get to with only your browser. But if you can't, just place it nest to your .htaccess file. This path must be full absolute server path.
  3. The third line thels the browser what type of authentication it will be using. In this case its "Basic" since we are using HTTP authentication.
  4. The forth line specifies that you require a valid login name and password.

A sample of a .htpasswd file with 2 users could be:

fred_smith:oCF9Pam/MXJg2
juan-perez:tGF576gTGfcv3

One account per line, the readable names are the user names, the numbers and letters is the encrypted password. The encryption is done by the server and it's saved encrypted.

To manage many users you will probably need some kind of member access program. This member access program will most likely create and handle your htaccess and htpasswd files, and will most likely have web interface. You should also look for more fields than user name and password. Something like e-mail, phone, address, country would be nice.

Check out our PHP & CGI Scripts area for a few of these programs I've tried.

You should know that you can manage these files manualy, but I would leave that for more advanced users.

Review It

You might also be interested in:





Top Hosting
  - Host Gator
  - Host Monster
  - Blue Host
  - Easy CGI
  - Lunar Pages
        
All content has been created by Juan Carlos Gorospe. These are my opinions and experiences.
Copyright © 2008, Juan Carlos Gorospe. All Rights Reserved.