Using .htaccess files to restrict access
Some material is very old and may be incorrect today
© December 2005 Tony Lawrence
Every directory in a Apache website can have an optional .htaccess file. This can be used to require passwords to access the files therein or to redirect requests to other pages. Everything you can do in an .htaccess file can also be done in your web server's configuration file, but that can be a little intimidating and confusing for new web masters. The .htaccess is slightly less efficient, but easy to use.
Let's say you want to restrict access to a certain subdirectory. Create .htaccess in that directory, and put this into it:
AuthUserFile /www/data/.htpasswd AuthName "Login and Password Required" AuthType Basic <Limit GET> require valid-user </Limit>
Note that AuthUserFile can be anywhere that the web server can read. You then have to create the .htpasswd file:
htpasswd -c /www/data/.htpasswd username
That prompts for a password for "username" and that's it. You can add additional users with the same command; just leave off the "-c".
At some sites, we tell the user what name to use and they only have to remember the password. You can even prompt them or give them hints in the Authname string if that helps.
It's that easy. Tomorrow I'll cover using .htaccess to redirect requests and to help with security.
Got something to add? Send me email.
(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Printer Friendly Version
Inexpensive and informative Apple related e-books:
Take Control of Parallels Desktop 12
iOS 8: A Take Control Crash Course
Are Your Bits Flipped?
Take Control of the Mac Command Line with Terminal, Second Edition
Take Control of Pages
More Articles by Tony Lawrence © 2010-09-01 Tony Lawrence