Blue Reef Technical Support Blue Reef Virtual Server Reseller ProgramInstallation instructions, manuals, how-tos, and more!About Blue Reef Consulting, Inc.

About Blue Reef Virtual ServersEcommerce Solutions for your Virtual ServerSearch the Blue Reef Virtual Server web site
Return to Blue Reef Virtual Servers Home Page
Order virtual servers, software, computers, and more!
Return to Blue Reef Main Home Page
Site Map
Support Solutions to help you do business with your Virtual Server.

Blue Reef Vitual Servers
Support Menu
Support White Papers
Server Configuration Overview
Configuring an index fileConfiguring an index file
Configuring CGI Settings
Installing CGi Scripts
CGI Security Issues
Server Side Includes
Restricing Access to Site
Choosing Passwords Wisely
Serving WAP DocumentsServing WAP Documents
Multi-language settings
Mime types
Configuring the Server Time Zone
Advanced Configuration
Recommended Books
Virtual Server Handbook
Submit a question to our Support Staff

Restricting Access to your Web Site with Password-Protected Directories

Password-protecting files and directories is used for "user authentication". The best place to learn about user authentication is from the source (NCSA). They have a very easy to understand tutorial at the following URL: You should be aware of one subtle difference with the Virtual Server System: when you set up your .htaccess files, you will specify the AuthUserFile or AuthGroupFile with respect to your home directory.

When you set up your .htpasswd files, however, with the htpasswd command you will need to prepend /usr/home/[login_name] to the directory specification.

NOTE: If you will be authenticating thousands of users, or more, you should consider DBM User Authentication which works much faster and more efficiently with a larger number of users.

For example, let's say you have a subdirectory billy in your ~/www/htdocs directory. You would like to restrict access to this directory. This can be done by first creating a .htaccess file in the billy subdirectory such as the following:
    AuthUserFile /etc/.htpasswd
    AuthGroupFile /dev/null
    AuthName Bill's Restaurant
    AuthType Basic

    <Limit GET>
    require user William
This .htaccess file will only allow one user, "William", to access the directory billy; provided the correct password is given. The password is to be stored in the /etc/.htpasswd file (see the AuthUserFile declaration in the .htaccess file above).

Note that the AuthUserFile implicitly assumes the "/usr/home/[login]" prefix to the path. You must explicity state this prefix when setting the htpasswd path.

To set up the password for "William" issue the following command:

% htpasswd -c /usr/home/[login]/etc/.htpasswd William

You will then be asked for your password.

You may use the htpasswd command without the -c flag to add additional users; e.g. where peanuts, almonds, and walnuts are additional users:
    % htpasswd /usr/home/[login]/etc/.htpasswd peanuts
    % htpasswd /usr/home/[login]/etc/.htpasswd almonds
    % htpasswd /usr/home/[login]/etc/.htpasswd walnuts
NOTE: To run the htpasswd command correctly, you will need to prepend the /usr/home/[login_name] path to the password file specification (substitute your login name for [login_name]). You do not need to use the /usr/home/[login_name] path in the .htaccess file.

Recommended Books
You can also learn about User Authentication in some of the Web Server Configuration and Web Security books we recommend.

Administration Utilities

About Apache Server

Virtual Server Basics

Web Server Configuration

Advanced Server Configuration


Web Security
Web Security:
A Step-by-Step
Reference Guide


Web Security & Commerce


Administering Web Servers, Security and Maintenance
Administering Web Servers, Security and Maintenance


Web Security Sourcebook
Web Security Sourcebook

Apache: Web Server Directives Guidebook


Apache Server Bible

$39.99 logo
Search for :
Enter keywords...