Protection of your directories by .htaccess

This tutorial will help you protect the directories of your website with the use of a username and a password.

Create a .htaccess file

Log into your server via SSH. It is not necessary to be connected with the “admin” user: you can log in with the user attached to the virtualhost in question.

Create a .htaccess file in the directory you want to protect. All sub-directories will be protected as well.

Insert the following content in the file:

AuthUserFile /srv/d_disk/www/example.com/.htpasswd
AuthName "My site"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>

Use the command vi .htaccess to edit the file. A Google search will help you find the necessary edit commands for vi.

In the case of a Gandi AI server, do not forget to replace d_disk and example.com with the name of your disk and the domain name to be protected.

Please also replace “My site” with the name of your website :)

Creation of the .htpasswd file

Let's create the file with the usernames and passwords authorized to access the protected directories. We need to use the command “htpasswd”.
For security reasons, the .htpasswd file is not located in the same directory as .htaccess. If you are not experienced to choose the directory on your own, the best is to follow the example below:

htpasswd -c /srv/d_disk/www/mydomain.tld/.htpasswd robert
New password: 
Re-type new password: 
Adding password for user robert

The password for the user is then requested. You will also need to confirm it.

Usernames are case sensitive: “robert” is different than “Robert”.

The ”-c” parameter only needs to be used for the first added user: it is used to force the creation of the file. To add other users, use the same command, but without the ”-c” parameter.

Last modified: 10/11/2012 at 17:40 by Amy B. (Gandi)