Protect Apache Directories

General Information

To password protect a website, or part of a website, we need to create a .htaccess file and a .htpasswd file. Apache reads these files to decide who is allowed into the site. This guide shows you how to set up a website directory with password protection.


  1. Apache webserver
  2. Local root access on the box, or the ability to su to root.
  3. An SSH client that supports ANSI colors, such as PuTTY or SecureCRT (if you aren’t on the box).
  4. Your favorite text editor (I like nano).


# nano -w /usr/local/etc/apache/httpd.conf

You will need to add these three lines. Insert them within your VirtualHost(s) if you use them:

     <Directory /path/to/protected/directory>
         AllowOverride AuthConfig
     </Directory>

Then restart Apache:

# apachectl restart

Now we need to create a password file for the protected directory, here for user fred:

# htpasswd -c /path/to/protected/directory/.htpasswd fred
New password:
Re-type new password:
Adding password for user fred

You can add additional users with the previous command, but without the -c (-c creates the password file, and would overwrite an existing one). Next we have to create the .htaccess file for Apache to read from:

# nano /path/to/protected/directory/.htaccess
AuthUserFile /path/to/protected/directory/.htpasswd
AuthName "Login Text"
AuthType Basic
require valid-user

That’s all there is to it. Now that website directory is password protected.
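An added example, not part of the original guide: a shell function that audits a directory protected this way, checking the .htaccess directives shown above, whether the AuthUserFile sits inside the served directory (as it does in this guide), and which hash scheme each .htpasswd entry uses. The function name audit_protected_dir is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit a directory protected with .htaccess/.htpasswd.
# Usage: audit_protected_dir /path/to/protected/directory
# Prints one WARN line per finding; returns 0 only if nothing was flagged.
audit_protected_dir() {
    dir=$1
    findings=0
    flag() { echo "WARN: $1"; findings=$((findings + 1)); }

    htaccess="$dir/.htaccess"
    [ -f "$htaccess" ] || { echo "WARN: no .htaccess in $dir"; return 1; }

    # Apache directive names are case-insensitive.
    grep -Eiq '^[[:space:]]*AuthType[[:space:]]+Basic' "$htaccess" ||
        flag "AuthType Basic not set"
    grep -Eiq '^[[:space:]]*Require[[:space:]]+valid-user' "$htaccess" ||
        flag "no 'require valid-user' line"

    pwfile=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$htaccess")
    if [ -z "$pwfile" ] || [ ! -f "$pwfile" ]; then
        flag "AuthUserFile unset or not found: ${pwfile:-<unset>}"
        return 1
    fi

    # A password file under the served directory is only kept private by
    # Apache's stock rule that denies requests for .ht* files.
    case "$pwfile" in
        "$dir"/*) flag "password file is inside the served directory" ;;
    esac

    # Classify each user:hash entry by its hash prefix.
    while IFS=: read -r user hash || [ -n "$user" ]; do
        [ -n "$user" ] || continue
        case "$hash" in
            '$2y$'*|'$2a$'*|'$2b$'*) ;;  # bcrypt, as written by htpasswd -B
            '$apr1$'*) flag "user $user: MD5 (apr1) hash, consider htpasswd -B" ;;
            '{SHA}'*)  flag "user $user: unsalted SHA-1 hash" ;;
            *)         flag "user $user: crypt() or plaintext entry" ;;
        esac
    done < "$pwfile"

    [ "$findings" -eq 0 ]
}
```

Basic authentication sends the password with every request in an easily decoded form, so a directory protected this way should only be served over HTTPS.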
