Search the site:
(New search engine!!)

.htaccess

Before you start reading this tutorial you should check if there is an automated .htaccess creation process in your host's user panel. In that case you can stop reading right here! :-)

If you find the tutorial below too complicated and your server can run PHP you should visit krizleebear.de. They offer a free PHP solution including a very easy to use web interface. Great script!

The easiest way to set up password protection of a folder is to use a .htaccess file (please note the important dot in the beginning of the file name!) It only takes a few seconds and it's a perfect way to store files in a secure way, like when clients needs to review/approve some files, or similar…

As this method is a server side solution it's much more secure than JavaScript solutions.

The first problem you will run into is that your OS probably won't like a file name beginning with a dot. .htaccess file actually don't have a name, just an extension!!

The solution is simple, save the file as htaccess.txt in GoLive and change the name to .htaccess (with the dot!) after you uploaded it. Changing the extension to .txt will also force GoLive to upload the file in ASCII mode, exactly what we want!

I have only been talking about the .htaccess file but you actually need two files, one .htaccess file and one .htpasswd file (again, please note the dot!) to set up a secure folder.

A .htpasswd file looks like this:

Michael:50HgUHdBbxmsU
(add more names and passwords here if needed)

This .htpasswd file must be uploaded to a directory above your index/root directory so that it can't be accessed from the web. The password is encrypted but the location should be "safe" anyway.

Handle the .htpasswd as a .txt file until it's uploaded, just like I described above for the .htaccess file.

You now need to create the encrypted password, here is a service that will help you do that. Please use a combination of A-Z, a-z, 0-9 and underscore.

User name:
Password

When the password is encrypted and the .htpasswd file uploaded to a directory above the root it's time to make the .htaccess file.

AuthUserFile /home/username/safe/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
Require valid-user

AuthUserFile is the server path to the folder containing your .htpasswd file, please note that it's the full server path. If you don't know what the full path to your webspace is, contact your system administrator for details.

AuthGroupFile We are not using groups so we set the group to “null”.

AuthName can be anything, like the “section” name or the text “Enter your name and password”

AuthType, we only need basic in the example.

Require valid-user, exactly what is says!

Now upload the .htaccess file to the folder you want to protect and change the name from htaccess.txt to .htaccess. That folder and all subfolders will now be protected.

To make sure that everything works as expected you should try accessing one of the files in the protected directory.

A short recapitulation:

  • Skip the dot and use a .txt extension as long as the files are on your local machine.
  • Change the names and remove the .txt extension after you uploaded the files.
  • Use the link in this tutorial to create the encrypted password.
  • Put the .htpasswd file above your normal root.
  • Put the .htaccess file in the folder you want to protect. Use a full server path to point to the .htpasswd file.
  • Test!

- Michael Ahgren