This tutorial applies to Apache based web servers. It requires:

  1. Editing the server configuration file (httpd.conf) to enable/allow a directory structure on the server to be password protected. Basically the default <Directory> access permission statement need modification.
  2. The creation and addition of two files specifying the actual logins and passwords. (.htaccess and .htpasswd)

Use this sparingly because Apache will have to check all directories and subdirectories specified in the configuration file for the existence of the .htaccess file adding to a servers latency.

When trying to access a file in a protected directory, the user will be presented with a window (dialog box) requesting a username and password. This protection applies to all sub-directories. Other .htaccess files in sub directories may respecify access rules.

Apache authentication uses the modules mod_auth and mod_access.

Apache configuration file:

File: /etc/httpd/conf/httpd.conf (older systems used access.conf)

Default: This disables the processing of .htaccess files for the system.

     <Directory />
     AllowOverride None

or for a specified directory:

     <Directory /home/domain/public_html>
     AllowOverride None

Change to and/or specify directory to protect:

     <Directory /home/domain/public_html/membersonly>
     AllowOverride All


     <Directory /home/domain/public_html/membersonly>
     AllowOverride AuthConfig

AllowOverride parameters: AuthConfig FileInfo Indexes Limits Options

The name of the “distributed” and user controlled configuration file .htaccess is defined with the directive: (default shown)

 AccessFileName .htaccess


Post By Editor (2,827 Posts)

Website: →