- The .htaccess file is a simple text file placed in the directory you want the contents of the file to affect. The rules and configuration directives in the .htaccess file will be enforced on whatever directory it is in and all sub-directories as well. In order to password protect content, there are a few directives we must become familiar with. One of these directives in the .htaccess file ( the AuthUserFile directive ) tells the Apache web server where to look to find the username/password pairs.
- The .htpasswd file is the second part of the affair. The .htpasswd file is also a simple text file. Instead of directives, the .htpasswd file contains username/password pairs. The password will be stored in encrypted form and the username will be in plaintext.
We have to make some changes on the apache conf file, & rester the service.The procedure is explained below.
Creating an .htaccess file:-
goto the directory you need to password protect. create a file named .htaccess.
add the following lines into it.
AuthName "Hello user!"
AuthUserFile /usr/local/humanlinux/.htpasswd (this is the location of the .htpasswd, you have to specify accourdingly)
Require user john (replace the john with desired username)
Save the file.
Creating an .htpasswd file:-
To create a .htpasswd file in /usr/local/humanlinux
htpasswd -c /usr/local/humanlinux/.htpasswd john
Note the '-c' is only used when creating a new .htpasswd file.
To add dave to an existing .htpasswd file located in /usr/local/humanlinux/ the following command will be used.
htpasswd /usr/local/humanlinux/.htpasswd dave
Sample .htpasswd File
Below is a sample .htpasswd file that contains users john and dave
Changes in the apache conf file:-
you have to specify the correct path for the directory you need to pasword protect.Here i have protected the directory /home/humanlinux/public_html/protected.
Restart the apache service.
- Make sure that the path specified in AuthUserFile is the correct full path. This is a major cause of problems. If Apache cannot find the .htpasswd file, then all attempts will fail.
- Make sure the permissions on the .htaccess and .htpasswd files are set so that Apache can read them.
- chmod 0644 .htaccess
- chmod 0644 .htpasswd
- Other issues may be out of your control. Web administrators can lock down Apache so that it ignores all .htaccess files it encounters. This can be achieved with an AllowOverride None directive and option on the ServerRoot/DocumentRoot directories. If this is the case (.htaccess not allowed) you will have to kindly ask your web administrator to allow .htaccess files with authorization directives in your personal web directory. This can be achieved with AllowOverride AuthConfig directive and option.