Protecting a Website or Directory with a Password Using .htaccess and .htpasswd
Securing a website or a specific directory with a password is a simple yet effective way to restrict access. This can be done using .htaccess and .htpasswd files in Apache. The .htaccess file controls access, while the .htpasswd file stores the usernames and hashed passwords.
Video Instruction
The video instructions show a slightly different setup option.
Creating the .htpasswd File
The .htpasswd file contains credentials in the format:
username:hashed_password
Since storing passwords in plain text is insecure, we must hash them using a secure algorithm like MD5 or bcrypt. You can generate a hashed password using an online service such as htpasswd generator. Once generated, save the .htpasswd file in a secure location, preferably outside the web root.
Configuring .htaccess to Require Authentication
To password-protect an entire website or a specific folder, create (or edit) the .htaccess file inside that directory and add the following lines:
AuthType Basic AuthName "Restricted Area" AuthUserFile /path/to/.htpasswd Require valid-user
AuthType Basicenables basic authentication.AuthNameis the message shown in the login prompt.AuthUserFilespecifies the path to the.htpasswdfile.Require valid-userallows access only to users listed in.htpasswd.
Allowing Multiple Users
You can add multiple users to .htpasswd, each with a hashed password:
user1:$apr1$abcdefg$xyzxyzxyzxyzxyzxyzxyz user2:$apr1$1234567$abcdefghijklmnopqrs
Each user will be able to log in using their unique credentials.
Restricting Access to a Specific Folder
Instead of protecting the entire site, you can apply authentication to a single directory. Place the .htaccess file inside that folder, and it will protect only that directory and its contents.
Testing the Protection
Once configured, try accessing the protected area. A login prompt should appear, requiring valid credentials to proceed. If authentication fails, access will be denied.
Removing Password Protection
To remove password protection, simply delete or comment out the .htaccess rules. By using .htaccess and .htpasswd, you can easily secure private areas of your website without requiring complex authentication systems.
Similar posts:
-
Cheat sheet for work with Git
Git is an indispensable tool for managing versions of code in development. It allows you to track changes in the project, return to previous versions and work effectively...
-
Making a Query in Salesforce Using SSJS
When working with Salesforce Marketing Cloud, you may need to send data to an external service or fetch content dynamically based on request parameters. Server-Side JavaS...
-
How to Fix Chrome “Pending Authentication” Error When Debugging Android via USB on Windows
Debugging an Android website through USB using Google Chrome on a Windows laptop may sometimes stop working unexpectedly. I recently encountered a problem where USB debug...
I got what you intend, regards for putting up.Woh I am thankful to find this website through google. “Since the Exodus, freedom has always spoken with a Hebrew accent.” by Heinrich Heine.