This technique is used when you wish to prevent regular web users from accessing documents and other files in a sub-directory of your web site. This method is NOT available under the NT / Frontpage platform.

Create a directory, for this example we'll use "secret" within your public_html directory. It will appear as:
http://www.yourdomain.com/secret/

Create a .htaccess file within the "secret" directory with a UNIX text editor, such as pico or vi. Novice users are suggested to use pico. Type the following text into your .htaccess file:

AuthUserFile /export/home/username/passwords/.htpasswd
AuthName access
AuthType Basic
<Limit GET POST PUT>
require valid-user
</Limit>

Replace username with your login name. You may replace the passwords subdirectory with any name you like. Make sure to run
chmod 644 .htaccess

Browsers accessing files and subdirectories under the directory that contains the above .htaccess file will be prompted for username and password and authenticated with the contents of the AuthUserFile.

The AuthUserFile line specifies where your .htpasswd file is located. The .htpasswd file specifies the allowable users for the subdirectory as well as their passwords. The passwords in the file are encrypted. To completely secure the site, we recommend you place the .htpasswd file within your home directory but NOT within the public_html subdirectory. We suggest you create it in a subdirectory called "passwords" within your home directory.

Adding Users

Removing Users

Changing Users

Here are some excellent links for password-protected directories for the Apache Web Server:

• Apache Week's article on user authentication
• www.apache.org FAQ