Restricting Access to your Web Site with Password-Protected
Password-protecting files and directories is used for "user authentication".
The best place to learn about user authentication is from the source (NCSA).
They have a very easy to understand tutorial at the following URL:
You should be aware of one subtle difference with the Virtual Server System: when
you set up your .htaccess
files, you will specify the
AuthGroupFile with respect to your home directory.
When you set up your .htpasswd
files, however, with the htpasswd
command you will need to prepend
/usr/home/[login_name] to the directory specification.
| NOTE: If you will
be authenticating thousands of users, or more, you should consider
Authentication which works much faster and more efficiently
with a larger number of users.
For example, let's say you have a subdirectory billy
in your ~/www/htdocs
directory. You would like to restrict access to this directory. This can
be done by first creating a .htaccess
file in the billy
subdirectory such as the following:
This .htaccess file will
only allow one user, "William", to access the directory billy;
provided the correct password is given. The password is to be stored in
file (see the AuthUserFile
declaration in the .htaccess
AuthName Bill's Restaurant
require user William
Note that the AuthUserFile implicitly assumes the "/usr/home/[login]"
prefix to the path. You must explicity state this prefix when setting the
To set up the password for "William"
issue the following command:
-c /usr/home/[login]/etc/.htpasswd William
You will then be asked for your password.
You may use the htpasswd
command without the
-c flag to add additional users; e.g. where peanuts,
are additional users:
% htpasswd /usr/home/[login]/etc/.htpasswd peanuts
% htpasswd /usr/home/[login]/etc/.htpasswd almonds
% htpasswd /usr/home/[login]/etc/.htpasswd walnuts
|NOTE: To run the
correctly, you will need to prepend the /usr/home/[login_name]
path to the password file specification (substitute your login name
for [login_name]). You do not need to use the /usr/home/[login_name]
path in the .htaccess