An .htaccess file is used to control access to directories on the web server. Normally, website administrators write an .htaccess file to put appropriate access control on files and pages stored in a specific directory. This method of directory access control is useful when you have a small number of users to whom you want to give permission to view your content.
Create an .htaccess file to tell Apache that it needs to authenticate users before allowing access to a particular web directory. This .htaccess file should have read and write permission for the user and read-only permission for both group and world, which means the file's permissions should look like 644 (the value of read permission is four (4), write permission is two (2), and execute permission is one (1)).
Requirements: enable the basic authentication module in Apache.
The contents of the .htaccess file are as follows:
AuthName "Members Only"
Note: the AuthUserFile directive points to the location of the password file, which is saved as an .htpasswd file in the pwd directory. The pwd directory is just a simple directory that you create to hold your password file.
The above .htaccess code has been tested on a WAMP server. If you are developing your web applications on WAMP, you can copy the above code, paste it into a text file, and save it as .htaccess. Remember that when you try to save this file with a dot (.) in front of htaccess, your OS may not let you save it. In that case, save it using double quotes, like this: ".htaccess"
The pwd folder is just a folder created to store the .htpasswd file. You can store this password file either in a newly created folder or in any other location. To avoid a security risk, in the above case the pwd folder has been put outside the publicly available www directory.
Creating password with htpasswd command line
Open cmd (the command prompt) in Windows.
Then type the following location if you have installed WAMP in your C drive.
Next type the following command to create a user name and password
The command for creating password file is:
htpasswd -c c:/wamp/pwd/.htpasswd mark
Here the -c is used to create the .htpasswd file for the first time.
Note: Apache 2.4 has an issue with opening a file with an encrypted password. If you face any such problem, use the following command to create your user name and password (in encrypted form):
htpasswd -b passwdfile username password
Alternatively, you can type the following in a text file and save it as .htpasswd.
Here mark is the user name, and the numbers (1234) after the colon are the password. The problem with creating passwords in a text file is that the passwords will not be encrypted. You need to use the PHP crypt() function to encrypt them. The main advantage of creating the user name and password with the htpasswd tool is that it automatically encrypts the password.
The simple two steps to create a password protected page or directory
- Create a password file using htpasswd utility and store the password file anywhere. For example, you can put this password file in the htpasswd directory.
- Next, create an .htaccess file and put this file inside the directory that you want to protect.
Note: never store your password file within the URI space of your webserver. You should remember that the password file must be in a location that is readable by the webserver. In addition, you must not store a password file in a password-protected directory.
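An added example (not from the original page) that audits the two files from the steps above: it checks that the AuthUserFile path lies outside the document root and flags .htpasswd entries stored as plaintext or as unsalted {SHA}. The function names, the c:/wamp/www document root and the sample file contents are assumptions constructed for illustration, and the format detection is a prefix heuristic.

```python
import re
from pathlib import PureWindowsPath

# Prefixes of the hash formats Apache's htpasswd tool can write.
SCHEMES = {
    "$apr1$": "apr1-md5",
    "$2y$": "bcrypt",
    "$5$": "sha256-crypt",
    "$6$": "sha512-crypt",
    "{SHA}": "sha1-unsalted",
}
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")  # traditional crypt() output
AUTH_FILE = re.compile(r'^\s*AuthUserFile\s+"?([^"\r\n]+?)"?\s*$', re.I | re.M)


def classify(stored):
    """Label the stored value of one .htpasswd entry (heuristic)."""
    for prefix, name in SCHEMES.items():
        if stored.startswith(prefix):
            return name
    return "des-crypt" if DES_CRYPT.fullmatch(stored) else "plaintext"


def audit(htaccess_text, htpasswd_text, docroot):
    """Return a list of findings for one .htaccess/.htpasswd pair."""
    findings = []
    m = AUTH_FILE.search(htaccess_text)
    if not m:
        findings.append("no AuthUserFile directive")
    else:
        # Windows path semantics (case-insensitive), as on a WAMP install.
        pw, root = PureWindowsPath(m.group(1)), PureWindowsPath(docroot)
        if pw == root or root in pw.parents:
            findings.append(f"password file inside document root: {pw}")
    for line in htpasswd_text.splitlines():
        user, sep, stored = line.strip().partition(":")
        if not sep or user.startswith("#"):
            continue  # skip blank, malformed and comment lines
        kind = classify(stored)
        if kind in ("plaintext", "sha1-unsalted"):
            findings.append(f"{user}: {kind} password")
    return findings


# Constructed sample input (assumed paths; the anna hash is a dummy value).
HTACCESS = 'AuthType Basic\nAuthName "Members Only"\nAuthUserFile c:/wamp/www/pwd/.htpasswd\nRequire valid-user\n'
HTPASSWD = "mark:1234\nanna:$apr1$Ab3dEf9h$0123456789abcdefghijk.\n"

if __name__ == "__main__":
    for finding in audit(HTACCESS, HTPASSWD, "c:/wamp/www"):
        print(finding)
```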
More information about basic authentication can be found at wiki.apache.org/httpd/PasswordBasicAuth