Using .htaccess files to restrict access
Every directory in a Apache website can have an optional .htaccess file. This can
be used to require passwords to access the files therein or to redirect
requests to other pages. Everything you can do in an .htaccess file can
also be done in your web server's configuration file, but that can be a
little intimidating and confusing for new web masters. The .htaccess is
slightly less efficient, but easy to use.
Let's say you want to restrict access to a certain subdirectory. Create
.htaccess in that directory, and put this into it:
AuthName "Login and Password Required"
Note that AuthUserFile can be anywhere that the web server can read.
You then have to create the .htpasswd file:
htpasswd -c /www/data/.htpasswd username
That prompts for a password for "username" and that's it. You can add additional
users with the same command; just leave off the "-c".
At some sites, we tell the user what name to use and they only have to remember
the password. You can even prompt them or give them hints in the Authname string
if that helps.
It's that easy. Tomorrow I'll cover using .htaccess to redirect requests and
to help with security.
Got something to add? Send me email.
Increase ad revenue 50-250% with Ezoic
More Articles by Tony Lawrence
Find me on Google+
© 2010-09-01 Tony Lawrence