Knowledge Base

HOME: .htaccess
The Apache configuration directive file


1. How do I password protect a directory?

How do I password protect a directory?

First of all, if you are using FrontPage extensions on your site you should use FrontPage's "subweb" capability. You set this up using the FrontPage software on your PC and connecting directly to the web that is on the server.

If you are NOT using FrontPage extensions, then...

1. If your hosting account plan provides the feature, use the "Directory Protection Manager" available in the "Protect Directories" section of your hosting account's Account Manager.

2. Use a .htaccess file to password protect the directory.

.htaccess is the standard method where the webmaster (as opposed to the server administrator) can modify the functionality of the website server. Password protection is but one of the capabilities provided by .htaccess. Additional information on .htaccess can be found here:
http://support.metapros.net/faq/4.2.html and
http://www.webdeveloper.com/servers/servers_htaccess_magic.html

To set up .htaccess password protection, you will need 2 files .htaccess and .passwd. You can create these files on your PC and FTP them to the server. Since files that begin with a dot are "hidden" files, you must use an FTP program that can work with hidden files. The Account Manager's File Manager cannot be used for this purpose.

-- THE .htaccess FILE:

The .htaccess file should be put into the directory that you want protected. The contents of a .htaccess file doing password protection will look somthing like this:

AuthUserFile /home/[username]/.passwd
AuthGroupFile /dev/null
AuthName "Protected Area"
AuthType Basic
<Limit GET POST>
require user [user1] [user2] [user3, etc]
</Limit>

Substitute your values where bracketed items are shown in the example. Do not include the brackets themselves. "[username]" is your hosting account's username.

-- THE .passwd FILE:

The .passwd file should be put into the directory shown in .htaccess. "/home/[username]" is the same as your FTP root directory. The contents of a .passwd file will look something like this:

[user1]:[Rano9asmT3zWo]
[user2]:[UsQp3OGfRVL4Q]

Substitute your values where bracketed items are shown in the example. Do not include the brackets themselves.

The text to the left of the colon is the username that will be required to log in. Similarly, the text to the right of the colon is the password that will be required to log in - but it must be in encrypted format! If you have access to a Unix server command line, you can use the the htpasswd command to create the encrypted text. If you don't have such access, there are utilities that can be used in another environments such as Windows. Here is but one such utility: "Encode UNIX Password" - http://www.magsys.co.uk/apps/index.shtml


Updated: August 16, 2001


- New Hosting Client -
- Knowledge Base -
- Acct Manager Demo -
- Policies -
      Acceptable Use
      Billing
- Support Form -



© 2009 MetaPros Website Solutions.
Questions, concerns or comments?