How to setup password protected web pages

Note that you can only password protect web pages that are in your WWWS directory (not your WWW directory).

There are few files you need to create in order to setup password protection, a .htaccess file in the directory you want to protect and password and group (optional) files. The first line of the .htaccess states where the password file is located. Here is a simple .htaccess file:

SSLRequireSSL
AuthUserFile /home/bubba/pwd/.htpasswd
AuthName "myfriends"
AuthType Basic

require user jack
require user jill
require user fred

This files will allow only the users jack, jill and fred to access the page. If you have many users you may want to set up a group file as well. Here's an example of a .htaccess using a group file:

SSLRequireSSL
AuthUserFile /home/bubba/pwd/.htpasswd
AuthGroupFile /home/bubba/pwd/.htgroup
AuthName "myfriends"
AuthType Basic
 
require group friends

Next you'll need to make sure that the webserver can read your .htaccess file, otherwise you will just get an error when you try to access the directory. To do this, use the following command chmod 644 .htaccess to make the file readable.

Now to setup the password and the group file. Both files must be world readable. You also do not want to put these files in the WWWS (or WWW) directory where they can be downloaded. In the examples I set up a directory name "pwd" to store these files. Use the command htpasswd to create and add to the password file. Here's how to create the directory and setup a password file:

math% pwd
/home/bubba
math% mkdir pwd
math% chmod a+x pwd
math% cd pwd
math% htpasswd -c .htpasswd jack
Adding password for jack.
New password:
Re-type new password:
math% htpasswd .htpasswd jill
Adding password for jill.
New password:
Re-type new password:
math% chmod a+r .htpasswd

You only use the -c option when you create the password file. The group file is a simple format like this:

friends: jack,jill,fred
enemies: peter,paul,mary