Apache, PHP, MySQL, ASP.NET, JSP and Perl Solutions for your Web Development and Hosting Needs on Windows.
A Complete Web Development and Hosting Platform for Windows.

Implement User/Password-protected Directories

DeveloperSide.NET Articles

Important Notes

  • Make sure that directory C:\www\Apache2\bin is specified under the System Path variable (if you installed our Web-Server Suite package, this is set). We will use a program named htpasswd.exe, that is contained under the mentioned directory, to create a password file for the specified users.

Create the protected Directory

This section will show you how to create directory "private" outside the Web-Server's webroot directory "C:\www\webroot" using the command prompt.

Open the Windows command-shell via Start » Run... cmd.exe <click ok>

Change to the drive letter of your Web-Server Suite's root directory (this is the drive you installed the Web-Server Suite under; for this example we will use drive "C:")...

...> C:

Change to the path of your Web-Server Suite's root directory (for this example we will use path "\www")...

C:\...> cd \www

Create the directory you want to restrict access to with a user/password prompt (we will create directory named "private")...

C:\www> mkdir private

Change to your newly created directory...

C:\www> cd private

Create user/password file

Continuing from the previous section, we are now ready to use htpasswd.exe to create a file named ".htpasswd": this file will contain user names with their respective passwords (the passwords will be encrypted before placed under the file).

This 1st line (with switch "-c" -- that will not be repeated in the following lines) will create a file named .htpasswd under the current directory (C:\www\private). The password given will be encrypted by the htpasswd.exe program (due to the "-m" switch -- MD5 encryption).

User named "user1" with password "passuser1" is specified 1st...

C:\www\private> htpasswd -cmb .htpasswd user1 passuser1

Add user named "user2" with password "passuser2" to the .htpasswd file...

C:\www\private> htpasswd -mb .htpasswd user2 passuser2

Add user named "user3" with password "passuser3" to the .htpasswd file...

C:\www\private> htpasswd -mb .htpasswd user3 passuser3

Configuration -- httpd.conf

We can now edit Apache's httpd.conf file to bring everything together.

Edit file C:\www\Apache2\conf\httpd.conf

Make sure that the following two 'LoadModule' lines are uncommented, by removing the beginning "#" character...
(These 'LoadModule' lines should already be uncommented, by default)

LoadModule access_module modules/mod_access.so
LoadModule alias_module modules/mod_alias.so

Uncomment the following two 'LoadModule' lines, by removing the beginning "#" character...
(The 1st line is required for directive 'AuthUserFile')
(The 2nd line is required for directive 'Options Indexes': to display the index of a directory)

LoadModule auth_module modules/mod_auth.so
LoadModule autoindex_module modules/mod_autoindex.so

Insert code...

<Files ~ "^\.ht">
   Order allow,deny
   Deny from all
</Files>

Alias /private "/www/private"

<Directory "/www/private">
   Order allow,deny
   Allow from all

   Options Indexes
   AuthType Basic
   AuthName "Private Access"
   AuthUserFile "/www/private/.htpasswd"
   Require valid-user
</Directory>

Save file and Restart Apache...
(from the command prompt type the following)

> net stop Apache2
> net start Apache2

Test protected Directory

Access http://localhost/private/

Enter one of the user/password combinations...
You should now see either the directory structure, or (if you have an index.html\php file under the accessed directory) your index file.

To [truly] logout as the user, you must close the browser window.

Advanced Configurations and Features

You can also grant/restrict access to the user/password protected directory with IP addresses...

Replace the original "<Directory "/www/private">" block with this updated version...
(or simply replace the first two lines of the original block)

<Directory "/www/private">
   Order deny,allow
   Deny from All

   Options Indexes
   AuthType Basic
   AuthName "Private Access"
   AuthUserFile "/www/private/.htpasswd"
   Require valid-user
</Directory>

Below the line...

Require valid-user

..add the following code...

Allow from 127.0.0.1
Satisfy Any

...if you access the protected area from your local system (IP address -- 127.0.0.1), there will be no need to enter a user/password combination.
(Note that you can add multiple "Allow from ip-address" statements to grant access)

...by using the following code instead...

Allow from 127.0.0.1
Satisfy All

...you will have to access the protected area from your local system (IP address -- 127.0.0.1) AND will need to enter a valid user/password combination.

In the Spotlight

In the Spotlight

Developing and Hosting PHP+MySQL based websites and applications has never been simpler. The Web.Developer Server Suite provides a Platform & Framework on which to create standards-based CSS, XSLT, and XHTML sites running on PHP and MySQL. Save your time, focusing on core business. Reduce complexity and maximize your productivity.

Developers

Developers++

The Web.Developer Server Suite is more than just a Windows based Apache|PHP|MySQL Platform. Suitable for novices and professionals alike, a complete Hosting Solution is provided that is capable of creating and deploying websites and web applications both locally and on the internet. Create, test, publish and maintain your websites in-house, on your own server, where you are in full control.

Newsletter Signup

Newsletter Signup

Enter your e-mail address: