Random Wisdom

HTTP Access Control

by on Jan.25, 2006, under How To ..., Software

Finally figured out how to password protect individual directories on the server:

Authentication, Authorization and Access Control

It’s a simple 2-step process:

1. Create a passwords file for the users using “htpasswd“:

jsmith@server:~/public_html/db$ htpasswd -c ~/htpasswds jdoe
New password:
Re-type new password:
Adding password for user jdoe
jsmith@server:~/public_html/db$

2. Create a file “.htaccess” in the directory to be protected:

jsmith@server:~/public_html/db$ cat .htaccess
AuthType Basic
AuthName "db"
AuthUserFile /home/jsmith/htpasswds
Require user jdoe
:, , , ,

2 Comments for this entry

  • android
    January 28th, 2006 on 1:02 am

    and where exactly does one place the htpasswd file?

  • DarkKnight
    January 28th, 2006 on 1:18 am

    dude, I though you already had this thing going .. how else do you password protect your directories? Anyway, the passwords file can go anywhere and can be called anything — just as long as you put down the correct location in the “AuthUserFile” line of .htaccess. The most sensible place to put it is somewhere in your homedir — but not in public_html — since people can then just download it off of the server.

Leave a Reply