1) Create a file named .htaccess under the directory which you want to protect
# cd /srv/www/htdocs/protect/
Use your favourite editor to create a file called .htaccess
# touch .htaccess
2) Add the required lines to this .htaccess file
AuthUserFile /etc/apache/.htpasswdIt's good idea to place the password file at some secure place (/etc/apache) folder
AuthName "Auth required"
3) Create the .htpasswd file and add the users/passwd
# cd /etc/apacheThis will add the user "nikesh" and password into the .htpasswd file, you can open and check the entry (you won't be able to read the password)
# htpasswd2 -c .htpasswd nikesh
Re-type new password:
Adding password for user nikesh
To delete the user entry: # htpasswd2 -D .htpasswd nikesh
To add new user: # htpasswd2 .htpasswd user
4) Configure the apache configuration file (httpd.conf)
Alias /protect "/srv/www/htdocs/protect/"When you set up .htaccess files it will be effective for the directory that they are placed in as well as any subdirectories. If you wanted to set up a direcotory so that it could execute CGI scripts you could use a .htaccess file to do that.
Options Indexes MultiViews FollowSymLinks
Allow from all
Here the most important part is the option "AuthConfig" for "AllowOverride", if for some reason you don't want to use the .htaccess file, just place the option "None" for "AllowOverride".
5) After doing all the required changes, restart the apache server.
Now, just browse to the directory path that you have protected and see if you are getting the username/password dialog, provide the correct values and see if you are allow to enter.
Below are the most common problems experienced by users attempting to setup htaccess.
1. Permissions on both .htaccess and .htpasswd - Both the .htaccess and .htpasswd files need to be world readable.
2. Fully qualified path to .htpasswd incorrect - The correct fully qualified path to a valid .htpasswd file must appear beside AuthUserFile in the .htaccess file.
3. The username doesn’t exist in .htpasswd