How to password protect a web directory
by Justin Silverton
This article will show you how to password protect a directory using the apache web server and a .htaccess file.
.htaccess file
The .htacess file should be in the directory that you would like to protect (everything below this directory will also be password protected).
AuthName “Password Protected Area”
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user
Replace “Password protected Area” with the name of the area that you would like to protect. Also, the path needs to be changed to the path of the .htpasswd file (which will be explained further).
Generating a .htpasswd file
A program comes with apache for generating a .htpasswd file. Here is how it works:
htpasswd [ -c ] [ -m | -d | -s | -p ] passwdfile username
htpasswd -b [ -c ] [ -m | -d | -s | -p ] passwdfile username password
htpasswd -n [ -m | -d | -s | -p ] username
htpasswd -nb [ -m | -d | -s | -p ] username password
A full explanation of htpasswd can be found here
If everything is setup correctly you should see the following prompt when you try to access your newly protected directory (and the username/password combo created with htpasswd should allow access):
1 Comment so far
Leave a reply
Thanks for the info. I have set up a password protected file using .htaccess and .htpasswd and it is working nicely, but I am curious to know if a session timeout can be set as well.
I am able to sign in with a username and password and then I never have to sign in again. I would like it set up so that if the page is inactive for more than 10 minutes, then you would need to sign in again.
Is there a way to do this?