Password protecting a directory and all of it's subfolders using .htaccess

.htaccess password-protection

I am trying to password protect a subdomain and all of it's subdirectories and files, but my knowledge on the matter is very limited, how can I go about doing that?


It's a simple two step process

In your .htaccess put

AuthType Basic
AuthName "restricted area"
AuthUserFile /path/to/the/directory/you/are/protecting/.htpasswd
require valid-user

use http://www.htaccesstools.com/htpasswd-generator/ or command line to generate password and put it in the .htpasswd

Note 1: If you are using cPanel you should configure in the security section "Password Protect Directories"

EDIT: If this didn't work then propably you need to do a AllowOverride All to the directory of the .htaccess (or atleast to previous ones) in http.conf followed by a apache restart

<Directory /path/to/the/directory/of/htaccess>
      Options Indexes FollowSymLinks MultiViews
      AllowOverride All
</Directory>

To password protect a directory served by Apache, you need a .htaccess file in the directory you want to protect and a .htpasswd file that can be anywhere on your system that the Apache user can access (but put it somewhere sensible and private). You most likely do not want to put .htpasswd in the same folder as .htaccess.

The .htaccess file may already exist. If not, create it. Then insert:

AuthType Basic
AuthName "Your authorization required message."
AuthUserFile /path/to/.htpasswd
require valid-user

Then create a .htpasswd file using whatever username and password you want. The password should be encrypted. If you are on a Linux server, you can use the htpasswd command which will encrypt the password for you. Here is how that command can be used for this:

htpasswd -b /path/to/password/file username password


Just extend Mahesh's answer.

.htaccess

AuthType Basic
AuthName "restricted area"
AuthUserFile /path/to/the/directory/you/are/protecting/.htpasswd
require valid-user

If you don't want to use online password generator, you could use htpasswd or openssl:

1. Using htpasswd 

htpasswd -c /path/to/the/directory/you/are/protecting/.htpasswd my_username
# then enter a password
# -c means Create a new file

2. Using openssl 

openssl passwd -apr1 your_password

Then put the generated password to .htpasswd with format:

username:<generated_password>

Example:

.htpasswd

my_username:$apr1$ydbofBYx$6Zwbml/Poyb61IrWt6cxu0

Related

Best explanation of Ruby blocks? [closed]
Android : How to detect the image orientation (portrait or landscape) picked from gallery while setting on an imageview?
How to change focus color of EditText in Android
C# reflection and finding all references
Entity Framework/SQL2008 - How to Automatically Update LastModified fields for Entities?
Can't display PDF from HTTPS in IE 8 (on 64-bit Vista)
Does calling free or delete ever release memory back to the "system"
PHP foreach with Nested Array?
IE9 JavaScript error: SCRIPT5007: Unable to get value of the property 'ui': object is null or undefined
How to get client IP address using jQuery
Fixed attachment background image flicker/disappear in chrome when coupled with a css transform
mysql transaction - roll back on any exception