• Create a file named .htaccess in the directory you want to protect
• Add the following lines to .htaccess:

AuthType basic



AuthName [auth-domain]



AuthUserFile [password file] 



require valid-user

• Replace [auth-domain] with the name you'd like to show up on the password prompt. This would normally be something like "My Secrets". When someone tries to access the page they will get a box that says something like
• "Enter password for My Secrets:".
• Replace [password file] with the full path of the file that will hold username and encrypted password pairs.
• Create users and passwords.

First you need to create the file, this is most easily accomplished with "touch", like:

touch mypasswd

 

 

Then create users with the htpasswd command.

htpasswd mypasswd me

 

 

htpasswd will create the user:encrypted pair in the mypasswd file.

Further notes:

Be careful with permissions. All of the files need to be world and group readable, but not writable. Unless you take special steps to protect the documents under the passworded page the files will still be readable to local users, just like normal web files. Any directories created within a password protected directory are also protected by the same password. Log files are very helpful in debugging. They are located in: /www/log/users-error.log

the password file referred to by AuthUserFile must be an absolute path , ie starting with a /

See Also: