Password Protecting a Directory

How to restrict web access on a per-directory basis

The first and most important thing that must be kept in mind is that you can password protect an entire directory, not individual files. So it is important to put files you want protected into a separate directory from that which you want to be freely accessible.
You will need to create two files in the directory you are protecting with special names.
So let's suppose you want to restrict files in a directory called: "grantwork" with a username "pumpkin" and password called "abcdef". Here's what to do:
Create a file called .htaccess in directory grantwork that looks like this:
AuthUserFile /u/sonia/h1/fa/jsmith/public_html/grantwork/.htpasswd
AuthGroupFile /dev/null
AuthName "ByPassword"
AuthType Basic
<Limit GET>
require user pumpkin
</Limit>
The AuthUserFile should be the name of a file that includes passwords. The AuthName will be displayed by the Browser when it asks for a password. AuthName can be anything you want, but you should make it more unique than "ByPassword" and related to the web pages.
Note that you *must* provide full pathnames in .htaccess to the directory which is to be protected. Tilde substitution does not work.
To find the full pathname type the pwd command at the UNIX prompt in the directory where the file is located. The pathname begins with /u/ it should look like this:

/u/sonia/h1/fa/jsmith/public_html/grantwork/

Now you need to create an encrypted password.
You can generate a standard 13-character UNIX password using a short perl script like this:
#!/usr/local/bin/perl5
$plain = "abcdef";      # String (password) to be encrypted)
$crypted = crypt($plain,  substr(crypt(substr(time, -8), $plain), -2));
print "$plain -> $crypted\n";
Create a file with the perl code listed above, and replace abcdef with the password you want. (Let's call this file: "generator" for further reference.)
To run the perl script type the following command at the UNIX prompt in the directory where the file is located:

julia.1> perl5 generator

Where "generator" is the name of the file where the perl script is located. This will print out onscreen an encryped password that looks like:

fLsPhy3aRxv8o

Now create a one-line file in the "grantwork" directory called .htpasswd using the encrypted password:

pumpkin:fLsPhy3aRxv8o

Lastly you need to change the permissions on the .htaccess and .htpasswd files:

julia.1> chmod 644 .htaccess
julia.2> chmod 644 .htpasswd

Test out your site to see the password protection. If you have problems, check your syntax and permissions.
Related web information:

Mosaic User Authentication Tutorial

Apache Week: User Authentication

The contents of this document were composed by Paul, Jim, Edson, and Yasi of the Math Computing Group.

Last Updated: by Yasi