How can i easily password protect a site in Apache/Windows?

Solution 1:

Google for:

Apache htpasswd basic auth


Steps:

  1. Create htpasswd file. This file can be called anything, and should be outside your DocumentRoot. Use htpasswd utility for this

    touch /etc/http.passwd
    htpasswd /etc/http.passwd jsilverman
    New password: 
    Re-type new password: 
    Adding password for user jsilverman
    
  2. Add the following to your Apache config, in either (a) your main apache2.conf (more centralized, arguably more manageable) or (b) an .htaccess file in the protected dir (easier, more direct, no apache restart required)

    AuthType Basic
    AuthName "Password Protected Area"
    AuthUserFile /etc/http.passwd
    Require user jsilverman
    
  3. Reload Apache if you did (a), otherwise you are done.


If this happens: htpasswd: command not found

You may need to install apache2-utils or a similar package.


However, I don't really think you searched very hard. There is nothing if not 10s of thousands of examples of this process on the WWW, dating back to the mid '90s. But I'm feeling chatty, so you got a real answer instead of a smartass RTFM. But really, RTFM -- the Apache web server is one of the best documented pieces of open source software, period.

Update: Wow, you really didn't search very well. I just did an "I feel lucky" Google search for "password protect website" and got basically this answer.

Solution 2:

Yes, you can do this via .htaccess files or your httpd.conf.

Here's a generator to build the username/password file: http://tools.dynamicdrive.com/password/
And here's the Apache documentation on it: http://httpd.apache.org/docs/2.0/howto/auth.html