How to protect a web page with .htaccess

If you happen to need to protect a web page but not only for LSC usage, you need to perform the following steps:

  • Create the directory to protect under your WWW tree, e.g. mkdir -p ~/WWW/PROTECT
  • Create a file named .htaccess in it with the following content (exchange your username accordingly)
AuthUserFile /home/carsten/WWW-secrets/PROTECT
AuthGroupFile /dev/null
AuthName "Files under this directory are protected, please enter credentials"
AuthType Basic


require valid-user

This will ask the web server to look into the file /home/carsten/WWW-secrets/PROTECT (where I chose to place the password for this access). It will display the text after AuthName once you try to access the directory/page. Also, it requires the use of https instead of the non-encrypted http transport.

  • now use pwgen 12 1 or similar tools (please don't do this on the web) to generate a nice password
  • initially run htpasswd -c /home/carsten/WWW-secrets/PROTECT Atlantis to create the user Atlantis (case sensitive!) - it will ask for a password - enter the one you just generated

That's basically all, if you now surf to there should be a password box popping up in which you should enter Atlantis and the password.

To add extra users, re-run the htpasswd command but omit the -c options as this will wipe out all existing users.

DocumentationForm edit

Title How to protect a web page with .htaccess
Description Using htaccess file to protect some directories from too nosy surfers
Tags apache, htaccess
Category User
This topic: ATLAS > WebHome > GeneralDocumentation > ProtectWebpagesWithHTAccess
Topic revision: 10 Feb 2012, ArthurVarkentin
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback