.htacess password a web folder

Posted under » Apache » LAMP Security on 29 May 2021

1st you need to Enable Apache Mod Rewrite(.htaccess). With that done we create the password using the htpasswd utility. This user is not part of the linux user. It just applies to the folder it is created and could be any user. 

$ cd /var/www
$ htpasswd -c .htpasswd kuanyew

You will be asked for a password so please provide a secure password for kuanyew.

Run it again (without the -c option) for any other users you wish to allow access to your directory. Once all users are added, secure it with 

chmod 644 .htpasswd

Mod rewrite will only work with .htaccess so lets edit the file. 

#Protect Directory
AuthName "Dialog prompt"
AuthType Basic
AuthUserFile /var/www/example.com/.htpasswd
Require valid-user

#Protect multiple files
<FilesMatch "^(admin|staff).php$">
AuthName "Dialog prompt"
AuthType Basic
AuthUserFile /var/www/example.com/phpfiles/.htpasswd
Require valid-user
</FilesMatch>

Note that there are 2 sets of .htpasswd files in the above example.

For safe measure, restart apache.

web security linux ubuntu python django git Raspberry apache mysql php drupal cake javascript css AWS data