In order to password protect a website, or part of a website, we need to create a .htaccess file and a .htpasswd file. These are the files that Apache reads from to see who is allowed in the site. This guide will show you how to setup a website directory with password protection.
- Apache webserver
- Local root access on the box or be able to su to root.
- A SSH client that supports ANSI colors such as puTTy or SecureCRT (if you aren’t on the box).
- Your favorite text editor (I like nano).
# nano -w /usr/local/etc/apache/httpd.conf
You will need to add these three lines. Insert them within your VirtualHost(s) if you use them:
Then restart apache:
# apachectl restart
Now we need to create a password file for the protected directory for user fred
# htpasswd -c /path/to/protected/directory/.htpasswd fred New password: Re-type new password: Adding password for user fred
You can additional users by the previous command, but without the -c. Next we have to create the .htaccess file for Apache to read from
# nano /path/to/protected/directory/.htaccess AuthUserFile /path/to/protected/directory/.htpasswd AuthName "Login Text" AuthType Basic require valid-user
That’s all there is to it. Now that website directory is password protected.