Archive for the ‘Password’ Category

How to Password a Folder on an Apache Server

Sunday, December 31st, 2006

This only works for an Apache server. Note that the folder and its contents will not be indexed since it is passworded.

1. create .htaccess and .htpasswd as ordinary text files. Make sure there is no .txt at the end.

here is an .htaccess example

AuthUserFile /home/content/f/r/e/fred/html/myfolder/.htpasswd
AuthGroupFile /dev/null
AuthName "Access for Admin"
AuthType Basic

<limit GET POST>
require user myfriends
</limit>

where myfriends (replace with your own) is the login id and the folder to protect is myfolder (replace with your own directory path)

line 1 of .htaccess needs to be replaced with the full path on your server to your .htpasswd folder. This is dependent on your ISP. The example shown below is from GoDaddy. The path to the root of your GoDaddy account looks like:

/home/content/f/r/e/fred/html/

This is known as the DOCUMENT_ROOT in the world of PHP. Since most hosts support php you can create a file called showinfo.php and put the following into it:


<? phpinfo(); ?>

Upload this to your website’s home directory and invoke it:

http://www.mydomain.com/showinfo.php

Look for the entry called “DOCUMENT_ROOT”.
for example if DOCUMENT_ROOT was /home/content/f/r/e/fred/html/ and the folder you are trying to protect is myfolder then the entry for AuthUserFile is:

/home/content/f/r/e/fred/html/myfolder/.htaccess

Ask your ISP if you cannot find the full path.

Here is an .htpasswd example

myfriends:bZTGwg.9OWALY

  • where myfriends is the login id and the stuff after the colon is the encrypted password.
  • make sure .htpasswd is one line only with no breaks at the end

to get the .htpasswd entry you need to generate a password. Try this link:

Generate .htpasswd

It will generate a cut-and-paste line for .htpasswd. Remember no breaks at the end of the line.

If you have access to Perl, try this from the command line:

perl -e "print crypt('myfriends', 'abc')"

where the ‘myfriends’ is the login id and ‘abc’ can be any sequence of letters or numbers. It provides a starting point for the password.

2. upload .htaccess and .htpasswd to the folder you want passworded. If you have a problem uploading try this link:

Uploading the .htaccess file

3. you are done. Every time someone tries to access the folder or any of its subfolders they will be prompted for a login and password.

Doug

Posted in Apache, Password, Privacy, htaccess | No Comments »