Restrict Access with HTAccess

By Jimmy Bonney | January 30, 2008


I am sure that you have already seen a dialog like this:

[Screenshot: HTAccess restricted access dialog]

This kind of dialog appears when a folder is protected on an Apache server. It makes some files accessible only to a limited number of people with special rights. This protection is done by a small file, .htaccess, placed in the directory containing the content to protect.

I will give here a basic example of the use of such a file. Let’s say that you have installed a proxy on your server (as we did here) but you don’t want every single user of your website to be able to access it (after all, it can use a lot of bandwidth). In that case, you would put a .htaccess file in the same directory as the proxy script, and you will be the only one able to access the proxy you have installed. Let’s get started.

The first thing to do is to create the .htaccess file and copy the following into it:

AuthType Basic
AuthName "Password Required"
AuthUserFile /www/passwords/password.file
Require valid-user

Each field is pretty easy to understand:

  • AuthType gives the type of authentication to use (Basic here)
  • AuthName is the name that will appear in the dialog that opens (“Scripts” in the screenshot above)
  • AuthUserFile is the file containing the list of valid users and their passwords
  • Require indicates who will be allowed to connect (in the case above, every valid user, but you can limit that to only one by specifying the name)

The second step of the process is to create the password file containing the users allowed to log in (you can give it any name you want, but many people name it .htpasswd). This is simply a list that looks like this:

user1:pass1
user2:pass2
...

For better security (i.e. to prevent people from seeing your password if they can access the password file, on your computer for example), the password should be encrypted. You can go here to encrypt your password. Finally, you just have to transfer the two files to your server. Remember that the .htaccess file has to go in the same directory as the content you are trying to protect. The file containing the passwords can go anywhere, but you will have to put it at the same location that you specify in the .htaccess file.
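
A small Python check for the two files described above, added here as an example and not part of the original post: it parses the .htaccess directives, flags password-file entries stored without a salted hash, and warns when the password file sits under the web root. The document root argument, the sample users and the hash strings are constructed assumptions.

```python
import posixpath
import re

# The four directives from the article's .htaccess.
HTACCESS = '''AuthType Basic
AuthName "Password Required"
AuthUserFile /www/passwords/password.file
Require valid-user
'''
# Constructed password-file entries; the hash strings are made-up placeholders.
PASSWORD_FILE = '''user1:pass1
user2:$apr1$examples$0123456789abcdefghijk.
user3:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
user4:$2y$10$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234
'''
# Prefixes the htpasswd tool writes for hashed entries, mapped to a format name.
FORMATS = [(r"\$2y\$\d\d\$", "bcrypt"), (r"\$apr1\$", "apr1-md5"),
           (r"\{SHA\}", "sha1-unsalted")]
WEAK = {"sha1-unsalted", "plaintext-or-crypt"}

def classify_hash(value):
    """Name the storage format of one password field by its prefix."""
    for pattern, kind in FORMATS:
        if re.match(pattern, value):
            return kind
    return "plaintext-or-crypt"  # no known prefix: clear text or legacy crypt()

def parse_htaccess(text):
    """Return {lowercased directive: argument}, skipping blanks and comments."""
    directives = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            directives[parts[0].lower()] = parts[1].strip('"') if len(parts) > 1 else ""
    return directives

def audit(htaccess, password_file, docroot):
    """List problems in an .htaccess / password-file pair (docroot is assumed)."""
    d = parse_htaccess(htaccess)
    required = ("authtype", "authname", "authuserfile", "require")
    findings = [f"missing directive: {r}" for r in required if r not in d]
    path = posixpath.normpath(d.get("authuserfile", ""))
    root = posixpath.normpath(docroot)
    if path.startswith(root + "/"):
        findings.append(f"password file {path} is inside the document root")
    for line in password_file.splitlines():
        user, sep, value = line.partition(":")
        if sep and classify_hash(value) in WEAK:
            findings.append(f"{user}: {classify_hash(value)} entry")
    return findings
```

Calling audit(HTACCESS, PASSWORD_FILE, "/www/htdocs") reports user1 and user3; passing "/www" as the document root also reports the password file location.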

Htaccess allows a lot more than just protecting folders with a password. For more information, have a look at the documentation.

