Archives for July 2005

.htaccess 101: how to password protect a directory

What’s the easiest way to make an .htaccess file in Unix/Linux so that a directory is password protected? Suppose that your home directory is /home/matt and all your webstuff is in /home/matt/www/ . Follow these steps:

  1. Make an .htpasswd file. The htpasswd command in Unix does this. You should put the password file outside of your web directory. So a command like “htpasswd -bc /home/matt/.htpasswd review donotenter” will create a new file using a username of review and a password of donotenter into the file /home/matt/.htpasswd . If you were to run the command “cat /home/matt/.htpasswd” you might see a line like “review:M1OdtjdGiDn1Y”.
  2. Make an .htaccess file. In this case, the file would be located at /home/matt/www/.htaccess and it would look something like
    AuthUserFile /home/matt/.htpasswd
    AuthName EnterPassword
    AuthType Basic
    <Limit GET POST>
    require valid-user

You might need to fiddle with file permissions a little bit. My .htaccess file was readable by all, and my .htpasswd file was readable by all as well.

Update: I edited the suggested .htaccess file a bit.