FAQs - Password Protecting Directories

This tutorial is designed to enable you to password protect individual directories within your hosting space. Such protection denies access to users who do not have a correct username and password combination. This is completely separate to our usual login mechanism.

You will need:

• A Linux hosting account
• An SSH client, e.g. PuTTY or SecureCRT
• A Static IP address from your ISP which should be provided to our support team to enable SSH access on your account.
• Knowledge of Linux text editors, e.g. vi or pico

First, you should create a file called ".htaccess" in the directory you wish to secure. E.g. if you wish to secure http://www.yourdomain.com/site/members/ then you should create the file within public_html/site/members. This file should contain the following:

	AuthUserFile /path/to/.htpasswd
	AuthGroupFile /dev/null
	AuthName "Members Only"
	AuthType Basic
	<Limit GET POST>
	require valid-user
	</Limit>

You should change AuthUserFile as detailed below.

The AuthUserFile can be in any location within your space. We recommend putting it into your home directory - i.e. /home/username/.htpasswd - for optimum security and obviously replace the /path/to/.htpasswd in AuthUserFile with this. Now whenever somebody tries to access your protected site, they will be asked for a password.

We should now create the "AuthUserFile", which is the list of usernames and encrypted passwords. For the first creation, you should run this command at the command prompt in the SSH client:

	/usr/local/apache/bin/htpasswd -cb /path/to/.htpasswd someusername somepassword

You should subsequently use -b rather than -cb once the first username has been created. Now when you try and access the directory you have protected, you can use any usernames and passwords you have created.