In some instances you may find that you need to secure content on your website and require authentication to access this protected content. This can be achieved by using the awesome flexibility of a little bit of code in your .htaccess file. In this article we will cover how to protect both files and directories using your .htaccess file. If you have not created a .htaccess file or you’re not sure how to edit an already existing .htaccess file, please check out our article: Creating and editing an .htaccess file.
How To Password Protect Files
Please be aware that you’ll need to have a valid .htpasswd file in place, as this is where the authorized user credentials are stored. Only valid users in the .htpasswd file will be able to access the protected content. If you’re not sure what an .htpasswd file is or how to create one don’t worry we’ve got you covered! Please refer to the following guide which discusses the .htpasswd file: How to create and use .htpasswd.
With this example you can see how you can protect a single file using the following code inside of your .htaccess:
#Protect a single file <Files filename-you-want-to-secure.html> AuthType Basic AuthName "Prompt-Here" AuthUserFile /home/username/.htpasswd Require valid-user </Files>
How To Password Protect Multiple Files
To password protect multiple files, you can simply copy and paste the last example, and replace the filename with the other file. However an cleaner way this can be done can be found in this second example illustrates how to use the FilesMatch directive to ensure the protection of any file that matches the pattern specified in the rule. You can also simply add files to the list separate by the Pipe character ‘|‘.
#Protect multiple files that match the pattern with a password <FilesMatch "^(file|index.html|file2)*$"> AuthType basic AuthName "Auth-Name-Here" AuthUserFile /home/username/.htpasswd Require valid-user </FilesMatch>
How To Password Protect Directories
The final example shows you how to password protect a directory that the .htaccess file is in. Usually this is the method recommended if you should need to Password Protect multiple files. Put them into the same directory then password protect the entire directory.
#Secure a directory that the .htaccess file is in with a password AuthType basic AuthName "Protected Directory" AuthUserFile /home/username/.htpasswd AuthGroupFile /dev/null Require valid-user
By using any of the examples in this article you should now be able to share content both efficiently and securely with any user that you authorize.
If you make a change that the Web Server is unable to parse correctly, or doesn’t recognize, it may show a 500 error on your site. In which case it is recommended to revert the last change made to the .htaccess file, or rename to something other (such as .htaccess-bak .
Related Articles
- Creating and Editing An .htaccess File – A great guide that goes into the basics of having an .htaccess file and how to edit this file.
- What Is An .htaccess File – Further describes the .htaccess file and how it can be used.
- Set A Permanent Redirect Using .htaccess – How to setup a permanent (301) redirect using the .htaccess file with Apache.
If you should have any questions or would like assistance, do feel free to contact us through Live Chat or by submitting a ticket with our Technical Support team.