Password protecting a directory with Apache and .htaccess

The Apache web server can read .htaccess files located anywhere in your document root to perform different tasks and control settings without changing the configuration files. This may be useful where you don't have access to change the configuration files or don't want to mangle with the configuration files to perform easy tasks. In this tutorial we're going to password protect a single directory on your web site.


First we'll need to create a file containing users and passwords:

htpasswd -c /etc/apache2/.htpasswd user1
htpasswd /etc/apache2/.htpasswd user2

You can store the password file anywhere you like but I chose to store it where the Apache configuration files are located.


Now create a .htaccess file in the folder you wish to protect (pico /var/www/secret/.htaccess)

AuthType Basic
AuthUserFile /etc/apache2/.htpasswd
AuthName "Enter password"
Require valid-user

Make sure Apache allows .htaccess to override settings. Add these lines into your virtual host configuration and change the directory to your document root (pico /etc/apache2/sites-enabled/000-default):

AllowOverride All

The AllowOverride setting may already be in your virtual host configuration. Make sure it is set to All.


If you changed the AllowOverride setting, restart Apache:

/etc/init.d/apache2 restart

The directory should now be password protected.


If you are getting server errors, make sure the Apache user has permission to read both the .htaccess file and .htpasswd.

chmod 755 /var/www/secret/.htaccess
chmod 755 /etc/apache2/.htpasswd

  • 0 Users Found This Useful
Was this answer helpful?

Also Read

How To Change Your Account Details

Your Account is how you control your domains, servers and all of the services that...

How to add a range of IPs on a BSD box.

FreeBSD is a popular free Unix like open source operating system that is based on the Berkeley...

How to trap cPanel ( WHM ) Password Modification

If your account is hosted on Linux hosting server then most webhosting service provider will...

How to trap cPanel ( WHM ) Password Modification

Monitoring PowerDNS is easy with MRTG, just install these two packages and create a config file...