How to Password Protect a Web Page with Apache
Let's say you want this situation:
|~/public-web/Index.html||My default page, world-readable|
You need a "password file" in a place where Apache can read it but will not serve it up to web clients. That means it must not be under ~/public-web. Your home directory should work.
Here I create a new password file as I add a user named fred.
% htpasswd -c ~/.web-password fred Adding password for fred. New password: ****** Re-type new password: ****** % ls -l ~/.web-password -rw-r--r-- 1 cromwell cromwell 19 Jan 29 14:58 /home/cromwell/.web-password
Note that you do NOT see the literal "******" above. I added that to indicate where I typed the rather bad password fredpw.
Now, similar to /etc/shadow, the password file does NOT contain the password, but the hash of the password:
% cat ~/.web-password fred:ds8BPFUd2MZDw
Now I just need to do the following in order to password-protect my directory ~/public-web/private/
% cd ~/public-web/private % cat > .htaccess AuthType Basic AuthName "Restricted Files" AuthUserFile /home/rvl4/b/cromwell/.web-password Require user fred ^D
That's it for the basic stuff!
For far more, like adding more users,
making groups of users, allowing or disallowing
access from specific IP address
blocks or domains, etc see the full Apache documentation: