htaccess can be used in co-ordination with the Apache web server to password protect certain files and directories on your web server.
This document assumes that you have Apache already set up and running correctly. If this is not the case please visit http://www.linuxhelp.ca/guides/apache/ for help with installing and configuring Apache.
For my own sanity I'm going to assume that you followed the Apache Setup Guide on our site and that you have apache installed at /usr/local/apache and your HTML documents are located in /usr/local/apache/htdocs. Now let's say you have a directory called admin in /usr/local/apache/htdocs and you would like to password protect it and give certain users access. The first thing you need to do is open up your httpd.conf file and find the section that looks similar to this:
Once you've found the similar lines in your httpd.conf you can add the following section underneath it:
Options Indexes FollowSymLinks Includes
Allow from all
Once you've added the new section, save the httpd.conf file and restart apache. You can normally do this by running killall -HUP httpd as root. Now that the admin directory is properly configured for htaccess you'll need to set up the .htaccess and .htpassword files.
Change into the directory you want to protect (for this guide we are using /usr/local/apache/htdocs/admin) and create a file called .htaccess. To do this you can run touch .htaccess in the directory. Now open up the file with a text editor (nano, pico, vi, joe etc) and enter in the following lines:
AuthName "Authorization Required"
The AuthUserFile directive containts the path to the password file that users will be authenticated against.
AuthName is the message that will appear on the login prompt. The default is Authorization Required but you can change this to whatever you like.
AuthType selects the type of user authentication that will be used. You can leave this as Basic
require let's all the valid users in the .htpasswd file access the directory.
Once your .htaccess file is set up, save and exit the file. You must now create the .htpasswd file. To do this you can use the htpasswd program that comes Apache. If you followed the Apache Guide, htpasswd should be located in /usr/local/apache/bin. If not you can run updatedb as root and then type locate htpasswd to find it.
To create the initial .htpasswd file you must use the -c flag. As root run:
htpasswd -c /usr/local/apache/htdocs/admin/.htpasswd username
Don't forget to change the directory .htpasswd will be located in. The above is set up for securing /usr/local/apache/htdocs/admin. As well change username to whatever username you want to use to log in. It will then prompt you for a password. The next time you add a user you can drop the -c flag since it is only used for the inital creation of the file.