Password Protection using Apache's htaccess

Protecting a directory with a password using Apache and htaccess is really simple, I'll tell you how anyway.

Protecting a directory with a password using Apache and htaccess is really simple, this article explains how.

Password Protect a Directory

Go to the directory you want to protect and create two files: .htaccess and .htpasswd (make sure you include the prefixed period (.)

If you are using ssh or the unix command line this is how you do it

touch .htaccess .htpasswd

Put this in the .htaccess file.

#Password protect current directory
AuthType Basic
AuthName "My Private Area"
AuthUserFile /fullpath/to/.htpasswd
require valid-user

Okay, now the tricky part, we have to make the .htpasswd file look like this:

nick:DIWN976v5sluf

Where nick is the username, colon is the delimiter, and DIWN976v5sluf is the md5 of the password.

I like to generate my passwords using the Linux command line, this is how:

htpasswd .htpasswd username

The above calls the htpasswd command, tells what file to put the username and password into, and gets the username (replace the username with the users actual name.

If you don’t have access to a Linux terminal, just use an md5 generator.

How do I remove a user

Simple use the -D option.

htpasswd -D .htpasswd username

Reference

• htpasswd man page
• Easily Password Protect a Web Directory
• David Walsh