Password Protect an Apache Web Directory

Apache HTTP Server is versatile and modular, and it is very easy to add global configurations. For individual website users, it is also easy to add site-specific settings using .htaccess files. Password protecting a directory is no exception. This is useful for multi-user web servers or even for a server that has a single site or several sites hosted by a single user.

The first step is to create an .htaccess file in the directory you want to password protect. If one already exists, you can simple edit it. Add the following information:

AuthUserFile /path/to/.htpasswd
AuthGroupFile /dev/null
AuthName MyDirectory
AuthType Basic

<Limit GET>
require username

Replace “/path/to/.htpasswd” with the actual location where you intend to create your password file. Replace “MyDirectory” with the name you want to use to identify the directory. Finally replace “username” with a valid user account name.

To create the .htpasswd file, do the following:

$ htpasswd -c /path/to/.htpasswd username

It will then prompt you for the password. If you need to add a new user, remove the “-c” option. Please note that you should create the htpasswd file outside of the actual directory. It is best to put it somewhere safe, away from website access. Once you are finished, you should now receive a password dialog from your browser anytime you access the protected directory, and no user will have access to the contents without authentication.