Help Desk
Article ID137
Created On4/25/2008
Password protecting a directory
Step 1. Identify the Folder/Directory to Protect
You should identify which folders (aka Directories) under your web server you would like to protect. For instance if I want to only allow a certain list of users to access my html files under the Private folder it would look something like the following.

On the Linux server the actual directory path would be:
On the web browser the path would be:

Obviously, I'm giving an example to help you see the difference between the folder/directory name on the Linux server and how it looks to web browsers. You MUST change to the appropriate directory/folder when using the steps below.

Step 2. Add Access Files to the Folder
Once you identify the folder you wish to safeguard, then you need to create two files in this folder. The files are: .htaccess and .htpasswd. The .htaccess file displays the access login information needed for users and also includes the list of specific users who can login. The .htpasswd file includes the individual users and their passwords.

Create .htaccess file in your Folder by using a text editor to create .htaccess. Notice that you must include the . (dot) before the file name!

The file should atleast include these lines:
AuthName "Login to the Private Area"
AuthType Basic
AuthUserFile /home/Mydomainname/htdocs/Private/.htpasswd
Require user andrea

Note that the AuthName requires quotes and whatever is in quotes will display on the login window when a user tries to access your private folder with a web browser. It is vital that you properly set the path for the AuthUserFile and obviously replace the word Private with whatever folder you are trying to password protect.

Also be sure to include the user login names of the people you plan to allow to this folder next to the Require user line. In my case, I simply added one user (andrea).

Now, create the .htpasswd file in the same Folder but NOT by using a text editor. Instead use this command from the command line on your Linux server.

Type this command at the prompt:
htpasswd -cmb .htpasswd andrea ann2cute

Note that you must use your own name and password (replace andrea and ann2cute) and that the option cmb does the following: First it forces Creating of a new .htpasswd file. Since this is your first time adding a user it is necessary. Next the m option forces encryption and b allows you to include the user name and password immediately. In my case I created a new .htpasswd file, then added the user andrea and her password ann2cute.

Step 3. Add Additional Users
To add users you simply need to edit both files again. First, add a user to the .htaccess file by opening it in a text editor and including the new person (my example is bradley).

The .htaccess file should include these lines:
AuthName Login to the Private Area
AuthType Basic
AuthUserFile /home/Mydomainname/htdocs/Private/.htpasswd
Require user andrea bradley

Remember to save the file when youre done adding the new user!
Now add the user (my example being bradley) to the .htpasswd file using this command:
htpasswd mb .htpasswd bradley brad4chad

In my example, I used the htpasswd command to add using encryption the user bradley to the .htpasswd file that already exists and include his password as brad4chad.