Using .htaccess files to restrict access

Every directory in a Apache website can have an optional .htaccess file. This can be used to require passwords to access the files therein or to redirect requests to other pages. Everything you can do in an .htaccess file can also be done in your web server's configuration file, but that can be a little intimidating and confusing for new web masters. The .htaccess is slightly less efficient, but easy to use.

Restricted Access

Let's say you want to restrict access to a certain subdirectory. Create .htaccess in that directory, and put this into it:

 AuthUserFile /www/data/.htpasswd
 AuthName "Login and Password Required"
 AuthType Basic
 <Limit GET>
 require valid-user

Note that AuthUserFile can be anywhere that the web server can read. You then have to create the .htpasswd file:

 htpasswd -c /www/data/.htpasswd username

That prompts for a password for "username" and that's it. You can add additional users with the same command; just leave off the "-c".

At some sites, we tell the user what name to use and they only have to remember the password. You can even prompt them or give them hints in the Authname string if that helps.

It's that easy. Tomorrow I'll cover using .htaccess to redirect requests and to help with security.

Got something to add? Send me email.

(OLDER) <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> Using .htaccess files to restrict access

Increase ad revenue 50-250% with Ezoic

More Articles by

Find me on Google+

© Tony Lawrence

Kerio Samepage

Have you tried Searching this site?

Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us