General Information

In order to password protect a website, or part of a website, we need to create a .htaccess file and a .htpasswd file.  These are the files that Apache reads from to see who is allowed in the site.  This guide will show you how to setup a website directory with password protection.

Requirements

1. Apache webserver
   
2. Local root access on the box or be able to su to root.
   
3. A SSH client that supports ANSI colors such as puTTy or SecureCRT (if you aren't on the box).
   
4. Your favorite text editor (I like nano).

Configuration

#	nano -w /usr/local/etc/apache/httpd.conf

You will need to add these three lines.  Insert them within your VirtualHost(s) if you use them:

<Directory "/path/to/protected/directory">      AllowOverride AuthConfig </Directory>

Then restart apache:

#	apachectl restart

Now we need to create a password file for the protected directory for user fred

# htpasswd -c /path/to/protected/directory/.htpasswd fred New password: Re-type new password: Adding password for user fred

You can additional users by the previous command, but without the -c.  Next we have to create the .htaccess file for Apache to read from

# nano /path/to/protected/directory/.htaccess AuthUserFile /path/to/protected/directory/.htpasswd AuthName "Login Text" AuthType Basic require valid-user

That's all there is to it.  Now that website directory is password protected.

Author: Jon LaBass
jon at bsdguides dot org