Password Protection

How do I set up password protection for part of my Web site?

You can protect any part of the directory tree of your Web site through commands placed in a file called .htaccess in the directory at the top of the tree you wish to protect. For example, if you wish to protect a subdirectory called main, you would create a .htaccess file in your ~/htdocs/main/ subdirectory.

Password protection requires at least some of the following commands in your .htaccess file:

AuthUserFile   /web/domain/domainname/passwd
AuthGroupFile  /web/domain/domainname/passwd.group
AuthName       keyword
AuthType       Basic

<Limit GET POST PUT>
require user usernames
require group groupnames
require valid-user
</Limit>

...where userid is your login name, keyword is any single word that describes your Web site (for example, "MySite"), and usernames and groupnames are lists of users and groups, respectively, that will be allowed access to this area of your site.

Only one of the three require statements should be used. If you put more than one user or group on a line, separate them with spaces, not commas.

If you do not need group access control (see below), replace the AuthGroupFile line with:

AuthGroupFile  /dev/null

If you have this file set up correctly, anyone visiting this area of your site will be greeted with an authorization window (on most browsers) that asks for their username and password. If they cannot supply a valid username and password, or the user is not listed on a require user line, or the user is not in a group listed on a require group line, access will be denied.

How do I add usernames and passwords?

The files that store encrypted passwords for your Web site should be stored in your home directory or a sub-directory thereof. To create these files, you should use the touch command:

touch ~/passwd

When your password file(s) have been created, you can add users with the htpasswd command:

htpasswd /web/domain/domainname/passwd newuser

...where domainname is your home directory name, and newuser is the username you want to add or change. You will be prompted twice for the password.

If you want to change a password, use the same command. If you need to delete a user, use your favorite text editor on the /web/domain/domainname/passwd file, and delete the line that begins with the user's name.

How do I use group access control, and why would I?

A group is a collection of users. You can set up and authorize entire groups of users, rather than laboriously adding each user to the require user line. If you want to allow any valid user (i.e., one large group), simply use the require valid-user directive instead of setting up a group. If you require two or more distinct groupings of users, however (perhaps for different subdirectories or different levels of access to your site), you should use group access control.

You can create the passwd.group file with the touch command:

touch ~/passwd.group

You should not use htpasswd to manage this file. Instead, use your favorite text editor and create entries in the file that look like this:

somegroup: user1 user2 user3
anothergroup: joe harry sally

You can use as many of these lines as you like; each one creates a group of users. Users can be in more than one group (or none). Be sure to use spaces to separate users on each line, rather than commas.

To use this group file, make sure the following line appears in the .htaccess file:

AuthGroupFile  /web/domain/domainname/passwd.group

Next, in the <Limit> section of the .htaccess file, use a require group groupnames directive to restrict access to the groups that you specify. If you want to allow more than one group, list them on the same line, separated with spaces (not commas).
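
The rules described on this page (a single require line, spaces rather than commas, group names that exist in passwd.group, group members that have a password entry) can be checked mechanically before a mistake locks users out or leaves an area open. The following is an added example, not part of the original page: the function names and the sample file contents are constructed, and the note that <Limit> covers only the methods it lists is standard Apache behavior rather than something this page states.

```python
import re
# Constructed sample input (not from the original page); HASH is a placeholder.
HTACCESS = """\
AuthUserFile   /web/domain/domainname/passwd
AuthGroupFile  /web/domain/domainname/passwd.group
AuthName       MySite
AuthType       Basic
<Limit GET POST PUT>
require group somegroup, staff
require valid-user
</Limit>
"""
GROUPS = "somegroup: user1 user2 user3\nanothergroup: joe harry,sally\n"
PASSWD = "user1:HASH\nuser2:HASH\njoe:HASH\n"

def parse_groups(text):
    """passwd.group lines look like 'somegroup: user1 user2 user3'."""
    pairs = (ln.split(":", 1) for ln in text.splitlines() if ":" in ln)
    return {name.strip(): members.split() for name, members in pairs}

def check(htaccess, group_text, passwd_text):
    """Return findings for one .htaccess plus its group and 'user:hash' files."""
    findings, groups = [], parse_groups(group_text)
    users = {ln.split(":", 1)[0] for ln in passwd_text.splitlines() if ":" in ln}
    requires = [ln.split()[1:] for ln in htaccess.splitlines()
                if ln.strip().lower().startswith("require ")]
    if len(requires) > 1:
        findings.append("more than one require line")
    for kind, *names in requires:
        for name in names:
            if "," in name:
                findings.append(f"comma in require {kind}: {name}")
            elif kind == "group" and name not in groups:
                findings.append(f"unknown group: {name}")
            elif kind == "user" and name not in users:
                findings.append(f"no password entry for user: {name}")
    for group, members in groups.items():
        for member in members:
            if "," in member:
                findings.append(f"comma in group {group}: {member}")
            elif member not in users:
                findings.append(f"{group} member has no password entry: {member}")
    # Apache applies directives inside <Limit> only to the methods it lists.
    limit = re.search(r"<Limit\s+([^>]+)>", htaccess, re.I)
    if limit:
        findings.append("Limit covers only: " + " ".join(limit.group(1).split()))
    return findings

for finding in check(HTACCESS, GROUPS, PASSWD):
    print(finding)
```

A "Limit covers only" finding means requests using any other method are not subject to the require line; Apache's documentation advises leaving the <Limit> wrapper out when the restriction should apply to every method.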
