Password Protecting an Area of your Web Site
Problem:How can I password protect an area of my website?
Create an .htaccess File
An .htaccess file must be created in the directory that the user wants to secure. (Multiple directories can have .htaccess files, but there can only be one .htaccess file per directory.)
Important:Access restriction applies to a certain directory, not a certain file or HTML document. Documents that are to be restricted should be put in directories separate from those you want unrestricted.
While in the directory you want to secure, create/edit a file called .htaccess using your favorite text editor.
AuthUserFile /www/users/andyh/private/.htpasswd (path to .htpasswd file)
AuthGroupFile /dev/null (path to .htgroup file)
AuthName "Secure Area" (title for dialog box)
Create an encrypted password
The .htpasswd file should contain a list of usernames and passwords. The format of the password file is straightforward, one line per user, with the line containing the user name, followed by a colon, followed by the user's password encrypted with the standard Unix password encryption.
In other words, an .htpasswd can look like this:
with one line for each user.
To generate an encrypted password, visit https://www.isye.gatech.edu/intranet/modules/encrypt/
- Type in a username and password to use.
- Copy the DES encrypted password into your .htpasswd file
- For additional users, use the form again and add a line for that user to the .htpasswd file.
Check File Permissions
Make sure both the .htpasswd and .htaccess files are readable by the web server (chmod og+r .htaccess .htpasswd)
Additional Sources of Information
- Apache HTTP documentation (http://httpd.apache.org/docs/howto/auth.html)
- ApacheWeek article (http://www.apacheweek.com/features/userauth)
- Zend article (http://www.zend.com/zend/trick/tricks-august-2001.php)
The set of instructions that are placed between the
Here are some example situations that require different sets of instructions:
Allow access to a single user:
require user [username]where username is an entry in the .htpasswd file.
- Allow access to a group of people:
require group [groupname]where groupname is the name of a group in the .htgroup file.
- Allow access to any user inside a certain
where domain name is the name of the domain to allow access to (e.g. isye.gatech.edu)
deny from all
allow from [domain name]
- Deny access to any user inside a certain domain:
allow from all
deny from [domain name]
where domain name is the intended domain name to deny access to.