Password Protection with .htaccess

We've all had to at one point make a directory or file private to only certain personells. I myself had to do the same today, which inspired me to write this article. It was quick and easy, took less than 2 minutes.

There are several ways to do this, but the quickest and most secure way without using a database or server side scripting is to use the amazing .htaccess and .htpassword files. For those that arn't familiar with .htaccess, it is basically a file (hidden) that allows you to set configurations on a folder and possibly its containing folders. This is the file you edit to quickly allow/suppress directory listing and to quickly set a password on a folder/file…which is what we are going to do.

First we need an .htpasswd file which will contain the username:password, this is similar to the passwd file stored in /etc/passwd on most *nix machines. It will contain something similar to

subhas:7juKMInk99vcY

You will notice that the password is encrypted, this is an additional security should someone view your .htaccess file. Passwords can be generated with using such a tool.

Next is to set the .htaccess file which will be placed in the directory you wish to protect. An example is as follows:

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/testaccount/.htpasswd
AuthGroupFile /dev/null
require valid-user

The 3rd line is important as it contains the path to your .htpasswd file. Once you’ve created both files…your DONE! Simply go to the website and you should be prompted for a username/password.

This is a quick way for freelancers to display client websites during the developing process without creating a full blown client login system.

blog comments powered by Disqus

Lijit Search