How to password protect a web directory

This article will show you how to password protect a directory using the apache web server and a .htaccess file.

.htaccess file

The .htacess file should be in the directory that you would like to protect (everything below this directory will also be password protected).

AuthName “Password Protected Area”
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user

Replace “Password protected Area” with the name of the area that you would like to protect. Also, the path needs to be changed to the path of the .htpasswd file (which will be explained further).

Generating a .htpasswd file

A program comes with apache for generating a .htpasswd file. Here is how it works:

htpasswd [ -c ] [ -m | -d | -s | -p ] passwdfile username
htpasswd -b [ -c ] [ -m | -d | -s | -p ] passwdfile username password
htpasswd -n [ -m | -d | -s | -p ] username
htpasswd -nb [ -m | -d | -s | -p ] username password

A full explanation of htpasswd can be found here

If everything is setup correctly you should see the following prompt when you try to access your newly protected directory (and the username/password combo created with htpasswd should allow access):