Protect directory .htaccess

Using .htaccess to Protect an Entire Directory

We all know that .htaccess is great for protecting single files, but it also comes in handy when you need to protect the entire directory.

The Problem

You have documents that you store on your webserver but don't want them to be accessed. The files are all contained in one directory. You need users to enter a username and password in order to access the directory. This ensures that no bots, and only authorized user will be able to access the files.

The Solution

Using .htaccess you require the users to authenticate via a username and password combination. You create an .htaccess file (or edit an already existing one) in the directory you wish to protect. Our copy/paste solution below gives you an idea of the syntax.

Feel free to copy and paste the solution.

<Directory> AuthName "username" AuthType Basic AuthUserFile /home/userdir/.htpasswd require valid-user </Directory>

You will also need to create the password file. Use SSH and shell to the directory you want to protect. Type htpasswd -c /path/to/yourfile/.htpasswd to create the password file. Make sure the location of the file matches the one you specified in .htaccess.

You will want to place the user authentication file somewhere out of the webserver's root directory. Chmod to 644 to ensure proper operation.

Requirements

Must be using an Apache Httpd Server. This may work on Windows but will require a third party module. You must have FTP access or Secure Shell access to the webserver.

Tip

The reason the .htaccess has a . in front of it is to hide it from prying eyes. You will need to use ls -a to see hidden files.

Additional Reading

.htaccess tutorial - Tutorial on using .htaccess to customize your web server