How to password protect a folder with .htaccess/.htpasswd
Protecting a folder on your web hosting server is usually very easy. Most control panels, such as cPanel and Plesk**, have obvious password protection options in the web browser based GUI.
But if you're on an Apache based server (be it running on Linux, Windows, or otherwise), you can simply add an .htaccess file into that folder and place an .htpasswd file at the specified location. Add this to your new or existing .htaccess file, in the folder that needs protecting: PHP Code:
Code:
AuthUserFile /home/httpd/vhosts/yourdomain.com/subdomains/yoursubdomain/httpdocs/.htpasswd If you're not 100% sure what your folder's full path is, simply create a PHP file and place it in that folder. (Before saving changes to the .htaccess, of course, otherwise you're going to be locked out of it!). See those instructions at: How to find the full path to your server directory, using a PHP file Then create your .htpasswd file. The file essentially looks like this: Code:
username:password So the file needs to be properly "encrypted" and will look more like this: Code:
username:$apr1$OCifD/..$zZrHP8ynh75.DwzNhfeAm0 For added security, this Apache password file can be located outside of the public accessible folders, assuming you have access to non-public levels. Many shared hosts will prevent you from putting files closer to root, essentially jailing you to httpdocs/htdocs public folders. In Plesk, there's the "private" folder for such things to exist, even with shared hosting. For example: Code:
vhosts/domain.com/httpdocs .htaccess should, of course, be enabled on the Apache server. It should also be mentioned that this does NOT work on IIS Mod-Rewrite ISAPI filters for Windows. Simply use Windows protection on IIS, either directly via the OS control panel, or through your third-party panel like Plesk 8 or Plesk 9. Quote:
|
Site design, images and content © 2002-2024 The Digital FAQ, www.digitalFAQ.com
Forum Software by vBulletin · Copyright © 2024 Jelsoft Enterprises Ltd.