You are here: Home / Help Center / Domain Admin Help / Domain Administration Website / Domain Website Password Protected Directory

Domain Website Password Protected Directory

by tcitgAdmin — last modified Jan 04, 2016 05:28 PM

You can use the .htaccess file and a .htpasswd file to password protect any directory on your Domain Website:

  1. Create a directory that you wish to password protect, for instance,  example.com/members. In the members directory, create an .htaccess file and open it with a text editor such as NotePad++, TextEdit or Sublime Text. (Important: Please note that a dot (.) in front of a filename such as .htaccess denotes a hidden file. Please make sure that your SFTP client is set to show hidden files.)
    1. Note that files with a '.' prefix in the name are invisible to the web
    2. The .htpasswd file is the conventional name for the password file. It may be renamed to something else. Be sure that the name is reflected in the path in the AuthUserFile in the .htaccess file.
    3. Note that there must be content in the directory being protected or you'll get a 'forbidden' error. To test, add a file named index.html to the protected directory such as the following, then open a web browser to http://example.com/members/index.html and you'll see "Hello World!".
      1. <html> Hello World! </html>
  2. In the .htaccess file enter the following. Note the path following webpages consists of the first two letters of the domain name. For example.com those letters are 'e' and 'x'. For mydomain.com they would be 'm' and 'y'.
  3. AuthUserFile /services/webpages/e/x/example.com/private/.htpasswd
    AuthName "Please Log In"
    AuthType Basic
    Require valid-user
    AuthUserFile - This is the path (i.e., location) to the .htpasswd file. In this example, the .htpasswd file is in the /private folder in the root (/) directory.                                                                   AuthName This is what the user will see when accessing the directory: "Please log in" or "Password required", etc.
    pleaseLogIn2.png

    AuthType - The entry for this is usually Basic.
    Require valid-user - This means any user listed in the .htpasswd file can log in.
  4. Next, create a .htpasswd file in the Base Web account directory, for example, /public
  5. Next, you need to add the usernames and passwords to this .htpasswd file; however, the passwords MUST be encrypted. Because this can be a problem for anyone without programming experience it is easiest to use a .htpasswd generator found on the Web:
    http://www.kxs.net/support/htaccess_pw.html
  6. After generating the necessary usernames and encrypted passwords, please make a note of them and enter the usernames and the encrypted form of the passwords into the .htpasswd file:
    john:9v5ZJdZRKYyXg
    jane:Qg4Q2usbXx8YI
    Jill:veDTZKuYdTiU.

    Please note that both the username and the password are case sensitive, and that the ones you enter into the encryption tool are the same that you will use to log in to the protected directory.

  7. In your browser, navigate to your password protected directory, e.g., example.com/members.  You should be presented with a prompt.
    pleaseLogIn2.png
  8. Enter the username in the Name field and the corresponding password in the Password field and click OK.