How to password-protect a web directory (if you are NOT using FrontPage Extensions) DO NOT FOLLOW THESE INSTRUCTIONS IF YOU'RE USING FRONTPAGE. This is somewhat based the Apache Week article on user authorization at http://www.apacheweek.com/features/userauth - see it for more info. Also see the Apache documents at http://httpd.apache.org/docs/howto/auth.html Assume: - the username is joe - his home directory ~joe is at /home/joe - his web directory is /home/joe/public_html - the directory he wants to secure is /home/joe/public_html/private - the server is configured to allow you to override the defaults in a .htaccess file - htpasswd program is in the path (common locations for it are /usr/local/bin/htpasswd and /usr/local/apache/bin/htpasswd). - the user name for the private directory is "joseph" and the password is "coat". A second user is "potiphar" with password "miz" (1) Create a password file in the directory to be protected. the -c flag for htpasswd not only creates a non-existent password file, but also will empty an existing password file. - mkdir public_html/private - chmod 755 public_html/private - cd public_html/private - htpasswd -c .htpasswd joseph answer "coat" twice for the password prompt - chmod 644 .htpasswd add the second user to the password file - htpasswd .htpasswd potiphar answer "miz" twice. You use the same procedure for changing an existing password as you do for adding a new entry. To remove a user, either edit the password file with a text editor or change the password so it's not usable. (2) In the new directory you wish to password-protect, create a .htaccess file with the following lines, or add the following lines if one already exists (perhaps if you're using a web counter). The lines with #'s are comments. #========== AuthType Basic # a descriptive one-word name for the access # if you create multiple password files for multiple directories then # this should be different for each directory # AuthName joe-private # # the route to the password file - customize as appropriate # entering the command "echo $HOME" will tell you the path that goes # before "/.htpasswd" # AuthUserFile /home/joe/public_html/private/.htpasswd # we're not using group files in this example AuthGroupFile /dev/null # # following accepts any user in the password file require valid-user #========== Once the .htaccess file is created, make sure it's world-readable: chmod 644 .htaccess (3) move the documents you want to protect into the private directory. (4) test access to documents in the directory. If you find the password prompt doesn't work, then it's possible you have a typo in the .htaccess file or the server has "AllowOverride none" in the configuration for user directories.