Quantcast How to password protect a folder with .htaccess/.htpasswd - digitalFAQ Forum
Go Back    Forum > Digital Publishing / Web Sites > Website and Server Troubleshooting

Reply
 
LinkBack Thread Tools
  #1  
10-18-2010, 04:41 AM
kpmedia's Avatar
kpmedia kpmedia is offline
Site Staff | Web Hosting, Photo
 
Join Date: Feb 2004
Posts: 4,296
Thanked 363 Times in 337 Posts
Protecting a folder on your web hosting server is usually very easy. Most control panels, such as cPanel and Plesk**, have obvious password protection options in the web browser based GUI.

But if you're on an Apache based server (be it running on Linux, Windows, or otherwise), you can simply add an .htaccess file into that folder and place an .htpasswd file at the specified location.

Add this to your new or existing .htaccess file, in the folder that needs protecting:
PHP Code:
AuthName "Protected Folder"
AuthType Basic
AuthUserFile 
/home/httpd/vhosts/yourdomain.com/subdomains/yoursubdomain/httpdocs/.htpasswd
Require valid-user 
This line must be accurate...
Code:
AuthUserFile /home/httpd/vhosts/yourdomain.com/subdomains/yoursubdomain/httpdocs/.htpasswd
... otherwise you won't be able to authenticate, therefore being locked out of that folder via a web browser.

If you're not 100% sure what your folder's full path is, simply create a PHP file and place it in that folder. (Before saving changes to the .htaccess, of course, otherwise you're going to be locked out of it!). See those instructions at: How to find the full path to your server directory, using a PHP file

Then create your .htpasswd file. The file essentially looks like this:
Code:
username:password
... and that's all that is in the file. However, the password is not plain text, it's been hashed with MD5.
So the file needs to be properly "encrypted" and will look more like this:
Code:
username:$apr1$OCifD/..$zZrHP8ynh75.DwzNhfeAm0
To create a hashed version, use the .htpasswd generator found here: http://www.htaccesstools.com/htpasswd-generator/

For added security, this Apache password file can be located outside of the public accessible folders, assuming you have access to non-public levels. Many shared hosts will prevent you from putting files closer to root, essentially jailing you to httpdocs/htdocs public folders. In Plesk, there's the "private" folder for such things to exist, even with shared hosting. For example:
Code:
vhosts/domain.com/httpdocs
vhosts/domain.com/private
How much access you have depends on your server. For VPS (virtual private servers) and dedicated setups, you can do pretty much anything you want.

.htaccess should, of course, be enabled on the Apache server.

It should also be mentioned that this does NOT work on IIS Mod-Rewrite ISAPI filters for Windows. Simply use Windows protection on IIS, either directly via the OS control panel, or through your third-party panel like Plesk 8 or Plesk 9.

Quote:
** Plesk Problems with Protecting Folders on Subdomains:

Note that the password protection option in the Plesk GUI does not work for folders in the subdomains, on Apache, when the subdomains have been attached or (nested under) primary domains. By "attached" I mean "domain.com" has only one entry in Plesk, and you've added/attached the subdomain underneath domain.com, using the subdomains option for domain.com.

You must use this manual .htaccess/.htpasswd "trick" to password protect your folders on the nested sub domains.

The workaround for being able to easily add password protection to subdomains in Plesk is to treat it like a full domain, instead of nesting it underneath the main domain.com domain. Of course, on many limited licenses, this is not an option, because it would count as two separate domains on the server, for the purpose of license usage.
Now go protect your stuff!

- Did my advice help you? Then become a Premium Member and support this site.
- Please Like Us on Facebook | Follow Us on Twitter

- Need a good web host? Ask me for help! Get the shared, VPS, semi-dedicated, cloud, or reseller you need.
Reply With Quote
Someday, 12:01 PM
admin's Avatar
Ads / Sponsors
 
Join Date: ∞
Posts: 42
Thanks: ∞
Thanked 42 Times in 42 Posts
Reply




Similar Threads
Thread Thread Starter Forum Replies Last Post
Access the other Windows account without password? lordsmurf Computers 3 03-26-2010 02:02 PM
Htaccess, ModRewrite, ISAPI Rewrite admin Website and Server Troubleshooting 0 08-12-2009 11:13 PM

Thread Tools



 
All times are GMT -5. The time now is 03:59 PM