How to Password-Protect a Web Page


If your web server is Apache, you'll need these three (3) files to password-protect a directory within your web space:



  1. .htaccess governs 'groups' permitted to access your protected directory. We define groups in the next step.
  2. .htaccess must reside in the directory it is meant to protect. It will also recursively protect sub-directories beneath it.
  3. Sample Syntax:

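    # Absolute paths to the password and group files
    AuthUserFile /home/csdue/username/public_html/.htpasswd
    AuthGroupFile /home/csdue/username/public_html/.htgroup
    AuthName My_Secure_Site
    AuthType Basic
    # <Limit GET> restricts only GET (and HEAD) requests; other methods are not covered
    <Limit GET>
    require group AuthList
    </Limit>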


  1. .htgroup maps authorized groups to authorized userids.
  2. .htgroup doesn't necessarily need to reside in the protected directory.
  3. Sample Syntax:

    AuthList: userid1
    AthList: userid2
    AuthList: userid3
    AuthList: userid4

    Q. Which unfortunate user won't be able to access your protected directory?
    A. userid2, because AuthList is misspelled.


  1. .htpasswd maps userids to their encrypted passwords.
  2. .htpasswd doesn't necessarily need to reside in the protected directory.
  3. Generate your users' encrypted passwords using one of these methods:
  4. Sample Syntax:



  1. Although various permission schemes will work, only you need both read and write access to your authorization files:

    ~/public_html% chmod 644 .ht*

  2. Your .ht* files should be accessible by the owner of your system's httpd process, so the httpd process has permission to read them.
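
A consistency check across the three files described above, as an added example that is not part of the original page. It goes beyond the misspelled-group case to also flag group members without a password entry and an unclosed <Limit> section; the function name `audit` and the sample file contents are assumptions constructed for illustration.

```python
import re

# Constructed sample input modelled on the page's examples; hashes are placeholders.
HTACCESS = "AuthType Basic\n<Limit GET>\nrequire group AuthList\n"
HTGROUP = "AuthList: userid1\nAthList: userid2\nAuthList: userid3\nAuthList: userid4\n"
HTPASSWD = "userid1:PLACEHOLDER\nuserid2:PLACEHOLDER\nuserid3:PLACEHOLDER\n"

def audit(htaccess, htgroup, htpasswd):
    """Cross-check the three authorization files; return a list of findings."""
    findings = []
    # Groups named on "require group ..." lines in .htaccess.
    required = set()
    for m in re.finditer(r"^\s*require\s+group\s+(.+)$", htaccess, re.I | re.M):
        required.update(m.group(1).split())
    # .htgroup lines have the form "group: userid userid ...".
    groups = {}
    for line in htgroup.splitlines():
        name, sep, members = line.partition(":")
        if sep and name.strip():
            groups.setdefault(name.strip(), set()).update(members.split())
    # .htpasswd lines have the form "userid:password-hash".
    known = {l.split(":", 1)[0].strip() for l in htpasswd.splitlines() if ":" in l}
    defined = set(groups)
    allowed = set().union(*(groups[g] for g in required & defined))
    for g in sorted(required - defined):
        findings.append(f"required group {g!r} is not defined in .htgroup")
    for g in sorted(defined - required):
        locked = sorted(groups[g] - allowed)
        findings.append(f"group {g!r} is never required; locked out: {', '.join(locked)}")
    for u in sorted(allowed - known):
        findings.append(f"user {u!r} has no .htpasswd entry")
    # Every <Limit ...> must be closed by </Limit>; an unclosed section is a config error.
    opened = len(re.findall(r"<Limit\b", htaccess, re.I))
    if opened != len(re.findall(r"</Limit>", htaccess, re.I)):
        findings.append("<Limit> section is not closed with </Limit>")
    return findings

if __name__ == "__main__":
    for finding in audit(HTACCESS, HTGROUP, HTPASSWD):
        print(finding)
```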