How do I password-protect some of my web directories and files?


You will need to create the files htpasswd.html, htpasswd.cgi and .htaccess. All three files will go into the directory you're protecting and will do the password protection. Below follows instructions on how to create and use them.

You will then need to create a .htaccess file in the same directory. Just create a text document called ".htaccess" (the first period is necessary). The possibilities of that file are beyond the scope of this FAQ. We recommend that you study this tutorial at NCSA. But here is a example one you can copy and modify for your own use that will work. Copy the text below into the .htaccess file, and edit the third line to reflect the path to the .htpasswd file. This is the same path that you set in the htpasswd.cgi file.

AuthName "My Website"
AuthType Basic
AuthUserFile /var/domain/www.mydomain.com/private_stuff/.htpasswd

require valid-user

Or an alternate AuthUserFile line:

AuthUserFile /var/home/myname/public_html/private_stuff/.htpasswd
Now FTP the .htaccess file into your protected directory and you are finished. If you want to add more usernames and passwords for the protected directory, just go to your htpasswd.html page in your browser again and use it to add more (that page and the directory it is in will now be password protected with the initial username and password you assigned).

Troubleshooting
NOTE: If you are on a Windows machine and using Notepad for your text editor, Windows will by default add a .txt extension to the end of your file name (i.e. .htaccess.txt). If the file has a a file extension, the web server will not use it and it will not work. In order to prevent Windows from adding the .txt to your filename, a work-around is, when doing a "Save As" of your file, to enter the file name in quotes, i.e.. ".htaccess". You may also be able to change the file name after uploading in your FTP program browser window.


A service of zNET Internet Services