Web Development / password protecting web directories / Vex 17 years ago

password protecting web directories

most webhosts come with an easy function to do this in the cpanel, but some don't.

here is how you do it:
.htaccess <- put this file in the directory you want to protect.


AuthGroupFile /dev/null
AuthName "Cool Club"
AuthType Basic
AuthUserFile /path/to/.htpasswd
require valid-user

Options Indexes
you'll notice a line above that says "AuthUserFile /path/to/.htpasswd

this is an absolute path on your webserver. its best to store the .htpasswd files outside of the public_html or web directory ( so you can't access it by your domain name.. )

and here is how an .htpasswd file looks :


test:$1$0ZvmCdUo$cAgnojKY0aBcmMp.g3SQB.
user2:$1$0ZvmCdUo$cAgnojKY0A53gMp.g3SQB.

this is usernameassword

each uer/password set is on its own line

the password is md5 encrypted : 1 way hash, 32 characters long.

an easy way to generate a md5 encrypted password is to create a .php file :

passwd.php :

<*?
echo md5("password");
?*>
no *

if you need to find your absolute path, you do

<*? echo $GLOBALS['HTTP_SERVER_VARS']['DOCUMENT_ROOT']; ?*>


* KEY NOTE :


.htaccess and .htpasswds are "hidden" files, some FTP programs may not display them. if you get an 500 Internal Server Error, this means your .htaccess file has some wrong code in it. If you can't see it with your normal FTP program, you can turn on 'view hidden files' in your WINDOWS FOLDER OPTIONS and ftp to it like "ftp://userassword@yourdomain.com" in the address bar and you should be able to see the hidden files then.

Sabby 17 years ago
Thanks, thanks, thanks Vex~ Very helpful!
FyreGarnett 17 years ago
not entirely certain i understand - but is something i've thought about doing for some parts of my site! thank you!