Password protect a directory using .htaccess on Apache

If you happen to be running Apache on your web server, you can quickly and easily password protect an entire directory and its subdirectories with an .htaccess file.

First, create an .htaccess file in the directory you want to password protect.

$ vi /var/www/html/protected/.htaccess

Save the new file with the following contents:

AuthUserFile /var/www/.htpasswd
AuthName "Basic Authentication Required"
AuthType Basic
require valid-user

Next, create a .passwd file in the directory that AuthUserFile points to. In the snippet above, the full file path would be /var/www/.htpasswd.

$ vi /var/www/.htpasswd

You can use a tool for generating an encrypted password like the one found on David Walsh's website.

For this example, lets make the username testUser and the password testPass

After entering a username and password, you should end up with a string to put in the .htpasswd file. It's contents should look something like this:


Now, after saving the file, you should be able to visit localhost/protected and be met with a password prompt.

more Apache posts