![]() |
|
Customer Support
How do I protect a directory with .htaccess?
If you have a folder on your website that contains sensitive or restricted information, you can password-protect it to prevent unauthorized visitors from seeing its contents using what's called "HTTP authentication" (you can read more about it here). There are two ways to password protect folders/directories on your website. We recommend our Folder Password Protection tool in the control panel for most users. But, if you are familiar with htaccess files, you can also edit them manually.Using the Onsite Control Panel Tool
In the Onsite Control Panel, click on Folder Password Protection. Follow the on-screen directions to specify which folder/directory to protect. You will also be prompted to specify usernames and passwords associated with that directory.
Manual Method
First, verify the real path to your home directory.
Next, in the directory you want to protect with HTTP authentication, create or upload a file named:
.htaccess (remember to include the "." before the "htaccess"). Files that begin with a dot are hidden from regular file listing (ls) commands. To see files that begin with a dot, do a complete file listing command (
ls -a) or see this other FAQ. The .htaccess file should contain the following 4 lines:
AuthType Basic
AuthName "Some Description"
AuthUserFile /[home dir full path]/[passwordfile]
Require valid-user For example, if your domain was example.com, then the third line would read:AuthUserFile /www/vhosts/e/example.com/allowlistIn the above example "allowlist" is the name we've chosen for the password file. Next, you need to create the password file itself using the filename that matches what you put as [passwordfile] in the .htaccess file. Using our example, you would do this using a command prompt and typing:htpasswd -c allowlist myuser
Once you've done the above step, you will be prompted twice for the user's password. If you just want to add another user to an existing password file, or change a password for a user already in the file, then leave off the -c option. To learn more about the "htpasswd" command, you can read this documentation page. Also, you can type "htpasswd" by itself to see all the command's options.You can delete the .htaccess file from the command prompt by typing:
rm htdocs/www/.htaccess (where htdocs/www/ was the directory that you put the .htaccess file in to begin with).When using the htpasswd command, if you see an error "Cannot create temporary file," then create a "tmp" subdirectory in your home directory with your FTP program or from the command prompt like so:
cd mkdir tmp
User-Contributed Notes |
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|
|||
Related Questions:
Why does my website just say "Error 403 Forbidden"?
How can I show a default page other than index.html?
How do I stop people from getting directory listings when I dont have an index page?
What do the different HTTP Status Codes like 200, 304, 404, 401, 403 mean?
What options are configured with Apache and what can I do with .htaccess files?
How do I protect a directory with mod_auth_mysql?
How do I stop other websites from using my bandwidth while they steal images, flash, etc. from my site?
Which Apache modules are installed?
How do I make my own Error Documents to replace the default ones like
404 Not Found?How can I make apache recognize different MIME types?
The webservers' Gzip compression is messing up my XML or Flash files for Netscape 4 browsers. How do I turn off compression?
How do I get different character sets to display correctly?
What webserver do you run?
Will I have access to raw logfiles?
I created a symbolic link, and now I am getting a 404 errors.
How do I stop the server from automatically correcting spelling mistakes in URLs or offering multiple choices for documents?
My mod_rewrite rules make my website stop loading.
Why am I getting a 412 Precondition Failed from a website?
How do I protect my website from comment spam?
How do I enforce the use of SSL on my website?
How do I redirect traffic to another web page?
Browse Categories:Getting Started, FTP, Telnet/SSH, Moving Domains, E-mail, Traffic Reports, Mailing Lists, Apache, PHP, CGI, Other Server-Side Scripting, MySQL Database, Imaging Libraries, Other Software, Billing & Terms, Control Panel, E-commerce, Pre-Sales |

