Protecting a folder in Unix/Linux using .htaccess and .htpasswd
To protect a folder in Unix/Linux using .htaccess and .htpasswd, use the following steps:
[1] Go to folder you wish to protect and create a file called .htaccess with the following info:
AuthUserFile /home/your_username/.htpasswd
AuthGroupFile /dev/null
AuthName "Restricted Area"
AuthType Basic<Limit GET POST PUT>
require user admin
</Limit>
[2] Go to the location for your .htpasswd file (typically should be in your home area outside of the public_html folder). If the .htpasswd file does not exist, create it using the following syntax. Enter the password when asked for.
> cd /home/your_username/
> htpasswd -c .htpasswd admin
[3] Make sure your .htpasswd file is readable from the web - chmod it to 644.
> chmod 644 .htpasswd
[4] If additional users need to be allowed access to the same folder,
[4.1] add the users to the .htaccess file (edit the file mentioned in step 1):
require user admin user2 user3
[4.2] add the users to the .htpasswd file (update the file mentioned in step 3). Note that the "-c" option in step 3 is not used here. The "-c" is only used when creating the .htaccess file:
> htpasswd .htpasswd user2
> htpasswd .htpasswd user3
An excellent and easy tutorial is at: http://hoohoo.ncsa.uiuc.edu/docs/tutorials/user.html. A cached copy is here.
I think you forgot to mention that your .htpasswd\'s password should be in MD5 hash code and not the actual password.
Try this MD4 Hash generator
http://www.zappersoftware.com/Help/md5.php
@Brajeshwar: Thanks for the note about the MD5. I generate my MD5 in Linux using the \"htpasswd\" command. But for someone who needs .htaccess but does not have shell access (example: FTP access only), the MD5 version of the password is definitely required. Thanks for the tip!