Home arrow Apache arrow Page 3 - Securing Directories With htaccess

Securing Directories With htaccess

If you have a web site that contains sensitive documents such as test results, scripts, or an administration section, then you need directory security to stop unauthorized people from accessing certain parts of your site. In this article, Hassan will show you how to setup htaccess security for folders on your Apache web server.

Author Info:
By: Hassan Syed
Rating: 4 stars4 stars4 stars4 stars4 stars / 5
December 03, 2001
  1. · Securing Directories With htaccess
  2. · The .htaccess file explained
  3. · The .htpasswd file explained
  4. · Conclusion

print this article

Securing Directories With htaccess - The .htpasswd file explained
(Page 3 of 4 )

The .htpasswd file is even simpler that the .htaccess file, and can contain just one line. It consists of a number of name/value pairs, which represent username/password combinations. Each username/password combination is separated by a carriage return. They are used by Apache to determine whether or not a user trying to gain authentication actually exists and is valid.

Before we create our .htpasswd file, you should upload the .htaccess file (which we created earlier) to the directory on your web server which you want to protect.

If you are running windows 98 or above, then you can simply click on Start -> Run -> “ftp” (without the quotes). This will launch the Microsoft FTP app. To login and upload our .htaccess file to the /www/htdocs/secure directory, we would enter the following commands at the FTP prompt (Each command is separated by a carriage return):


C:\>open mysite.com



C:\>cd /www/htdocs/secure

C:\>put c:\security\.htaccess


To create the .htpasswd file, we will connect to our web server using telnet. If you are running windows, click on Start -> Run -> “telnet” (without the quotes). Type in “open myserver.com” (replace myserver.com with the domain name of your server) to connect to your server. Enter your username and password. You should be at the Unix prompt.

You will need to change into the directory where you uploaded your .htaccess file to. Use the “cd” (change directory) command to do this. In our example, we would change to the /www/htdocs/secure directory, like this:

cd /www/htdocs/secure

Next, we need to run the htpasswd program. This is a simple program that takes three arguments:

htpasswd [options] [.htpasswd file] [new user name]

For the first arguement, we specify “-c”. This tells the htpasswd file that we are creating a new user. For the second argument, we specify “/www/htdocs/secure/.htpasswd” (or the complete virtual path and filename of our .htpasswd file). For the last argument, we specify the name of the user we are creating. We will create a new user named fred. So, the command to add a new user named fred would look like this:

htpasswd –c /www/htdocs/secure/.htpasswd fred

Enter the command, as shown shown above (replacing the path to the .htpasswd file as needed). You will then be asked to enter a password for the new user, fred. Enter “flinstone”, as shown below:

Adding a user fred, using htpasswd

That’s all we need to secure our directory! We can make sure our authentication works by opening up a new browser window and entering http://www.yourserver.com/secure (replace www.yourserver.com with the domain name of your server). You should be greeted with an authentication dialog box:

The authentication dialog

Enter username “fred”, and password “flinstone”. Click OK and you will be granted access to the /secure directory. If you enter an incorrect username/password combination three or more times, you are denied access, as shown below:

The invalid user screen
blog comments powered by Disqus

- Programmatically Manipulating Microsoft Exce...
- Installing PHP under Windows
- Compressing Web Content with mod_gzip and mo...
- Compressing Web Output Using mod_deflate and...
- Setting Up Apache 2.0.45 to Parse PHP Pages
- Custom Error 404 Documents with PHP
- Using Apache and PHP on Mac OS X
- ASP: Active Sessions, Active Logins and Tota...
- Working With Oracle on Windows: Part 1
- The Quick-n-Dirty Guide to Setting Up Apache...
- Installing Apache With SSL: The Complete Gui...
- 7 Powerful .htaccess Customization Tips
- Trap And Get Notified: A Practical Solution ...
- One Way To Use Server Side Includes
- Using ForceType For Nicer Page URLs

Watch our Tech Videos 
Dev Articles Forums 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Weekly Newsletter
Developer Updates  
Free Website Content 
Contact Us 
Site Map 
Privacy Policy 

Developer Shed Affiliates


© 2003-2019 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap
Popular Web Development Topics
All Web Development Tutorials