An  .htaccess  Howto

This is my quick Howto on setting up protected directories on your apache web server1.  Please note: this HOW TO  Applies to the 1.3.x version of the server.  I'm not currently using 2.x, and I understand it is quite different.
The Upper case bold indicates where some type of editing/restarting/action is required. You'll need to decide what directory you want to protect, in the example below we are going to protect a directory called:
/var/www/htdocs
Edit your servers httpd.conf file and to tell apache which directory to protect. If you compiled apache your httpd.conf file will be located in /usr/local/apache/conf/httpd.conf. Using your favorite text editor (vi, pico, nano, etc.) edit the http.conf file and add the following (remember this is an example):
<Directory /var/www/htdocs/2>
AllowOverride All
Order allow,deny
Allow from all
</Directory>
While you are editing your httpd.conf file make sure it has the following information in it:
AccessFileName .htaccess
<Files ".ht">
Order allow,deny
Deny from all
Satisfy All
</Files>
Insert the following lines.  These add the path to the directory we are trying to  protect.
# # Controls who can get stuff from this server. > # > Order allow,deny Allow from all
> <Directory /var/www/htdocs/> AllowOverride All > Order allow,deny Allow from all </Directory>

Save the http.conf file.
Create an .htaccess3 file and paste the following information into it:
AuthName "Authorization required"
AuthType Basic
AuthUserFile4 /var/www/.htpasswd
AuthGroupFile /dev/null
require valid-user
Note that the path /var/www/.htpasswd must be changed to suit your needs.   Also bear in mind at this point the file .htpasswd has not been created. 

Save the .htaccess file and test to see that it exists by entering   ls -a . You should be able to see the hidden .htaccess  in the output of the ls command.
Create a 'apache' virtual user/password file called .htpasswd
Create a 'virtual' user with a password, this user/pass does nothve to be a system user, it is only used by apache to give access to the specified directory. Change directory to where the .htaccess file said it would be. The .htpasswd file stored, in /var/www:
cd /var/www
Use a program called htpasswd. You will have to be root in this example.
sudo htpasswd -c /var/www/.htpasswd anyweb
The htpasswd program will prompt for a password; enter it and then confirm it. Confirm the file is present (it is hidden remember)
ls -a
Look inside the .htpasswd file.
sudo cat .htaccess
Do you see? 
$> anyweb:ARmbxDd.dE
The password string, ARmbxDd.dE, is an encrypted example. Yours will be different.

Change the following lines to include the path to the directories you want to be protected and to which you wrote the .htacess file.
Restart the httpd. Usually this is something like:
sudo /usr/local/apache/bin/apachectl stop
sudo /usr/local/apache/bin/apachectl start
Browse 5to the server to the 'protected' directory, you will be prompted for a username/password if you followed the instructions !

Footnotes:

1
http://httpd.apache.org/docs/1.3/mod/mod_access.html is required for using .htaccess
EXAMPLE CODE IN http:conf:
LoadModule access_module /usr/lib/apache/1.3/mod_access.so
2Notice the terminal slash!
3Notice the leading "." This file will be hidden becuase of the dot. There is no suffix, the file is simply ".htaccess."
4Please note: AuthUserFile must include an absolute path. `\"AuthUserFile .htpasswd `\" doesnt work if you have .htpasswd in your current directory.
5Please use a modern browser, like Firefox.

Valid HTML 4.01 Transitional


File translated from TEX by TTHgold, version 3.70.
On 13 May 2006, 10:07.