home > howto > password folder apache

How To Password a Website Folder

This short tutorial will explain how to password a folder on a web site. Note this method only works for an Apache server. Note that the folder and its contents, including subfolders, will not be indexed by search engines since it has a password.

Create a .htaccess File

First create a .htaccess file as ordinary text files. Make sure there is no .txt at the end. There may already be a .htaccess file on your server so check. Add the following code starting with AuthUserFile to your .htaccess file and modify it to suit your web site.

.htaccess example

AuthUserFile /home/content/f/r/e/fred/html/myfolder/.htpasswd
AuthGroupFile /dev/null
AuthName "Admin Access"
AuthType Basic

<limit GET POST>
require user myfriends
</limit>

where myfriends (replace with your own) is the login id you want to use.

The folder to protect is myfolder so replace with your own directory path.

Replace the document root path

/home/content/f/r/e/fred/html

with your own.
This is dependent on your ISP. The example shown below is from GoDaddy. The path to the root of your GoDaddy account looks like:

/home/content/f/r/e/fred/html			

This is known as the DOCUMENT_ROOT in the world of PHP. Since most hosts support php scripting you can create a file called showinfo.php and put the following text into it:

<? phpinfo(); ?>

Upload this to your website's home directory and invoke it:

http://www.mydomain.com/showinfo.php

Look for the entry called "DOCUMENT_ROOT".

Ask your ISP if you cannot find the full path.

Create a .htpasswd File

Create the .htpasswd file as an ordinary text file. Make sure there is no .txt at the end and the filename starts with a dot.

.htpasswd example

myfriends:bZTGwg.9OWALY

• myfriends is the login id and the stuff after the colon is the encrypted password.
• make sure .htpasswd is one line only with no breaks at the end

Generate a Password

To get the .htpasswd entry you need to generate a password the htpasswd generator tool will generate a cut-and-paste line for .htpasswd file. Remember no breaks at the end of the line.

Using Perl

If you have access to Perl, try this from the command line:

perl -e "print crypt('myfriends', 'abc')"

where the 'myfriends' is the login id and 'abc' can be any sequence of letters or numbers (it is used to initialize the crypt function).

Using htpasswd.exe

This is Apache's password generator program.

htpasswd -c .htpasswd mylogin

This will prompt you for the password then write out .htpasswd file.

Upload .htaccess and .htpasswd

Upload .htaccess and .htpasswd to the folder you want passworded. Some web development programs, such as FrontPage or Expression Web, do not show the dot files in their file list because a file starting with a dot is considered hidden.

Test it Out

Test out the password by trying to access a file in the folder. A prompt for the user id and password should appear.

You are done. Every time someone tries to access the folder or any of its subfolders they will be prompted for a login and password. Note this folder, subfolders, and files in the folders will not be indexed by search engines.