zNET Technical Support Pages

How do I password-protect some of my web directories and files?

You will need to create the files htpasswd.html, htpasswd.cgi and .htaccess. All three files will go into the directory you're protecting and will do the password protection. Below follows instructions on how to create and use them.

Open up a plain text editor (like Simpletext, Notepad or BBEdit) and enter the HTML code below into it:

<form action="htpasswd.cgi" method="post">
Username: <input type="text" size="30" name=username>
Password: <input type="password" size="30" name="password">
<input type="submit" value="submit">

Save the document as "htpasswd.html". Now you'll need to upload the htpasswd.html file to your website. You should have already made a directory on your website where the protected files are going to go, so upload the htpasswd.html into that directory. Make a note of the protected folder name on your website for future reference.
Now you'll need to download our password-protection CGI script. Click here and save it to your hard drive with the name "htpasswd.cgi". Open the htpasswd.cgi file in your text editor program.
Look at line 22 of the htpasswd.cgi. You'll need to edit this line to tell the server where to look for your protected directory. The default line in the file reads: "/www/skirrow/hidden_stuff/.htpasswd" If you have your own domain name (for example your website is called "www.mydomain.com"), change the section to read: "/var/domain/www.mydomain.com/LOCATION_OF_PROTECTED_FOLDER/.htpasswd" (substituting "www.mydomain.com" with your real domain name and "LOCATION_OF_PROTECTED_FOLDER" with the real folder location)
If you don't have your own domain name on your site (for example if your site is called something like "sd.znet.com/~myname") then change the section to read: "/var/home/m/y/myname/public_html/LOCATION_OF_PROTECTED_FOLDER/.htpasswd" (substitute "myname" with the real site login name, "m" with the first initial of the login name, "y" with the second initial of the login name, and the "LOCATION_OF_PROTECTED_FOLDER" with the real folder location).
Save and upload the htpasswd.cgi file into the protected directory. In your FTP program, set the file permissions on the htpasswd.cgi file as 0755.
Now go to the htpasswd.html page on your site from your browser. You'll see a form to fill in an initial login and password for your protected directory. Enter the username and password you want and hit submit. This will assign the first login and password.

You will then need to create a .htaccess file in the same directory. Just create a text document called ".htaccess" (the first period is necessary). The possibilities of that file are beyond the scope of this FAQ. We recommend that you study this tutorial at NCSA. But here is a example one you can copy and modify for your own use that will work. Copy the text below into the .htaccess file, and edit the third line to reflect the path to the .htpasswd file. This is the same path that you set in the htpasswd.cgi file.

AuthName "My Website"
AuthType Basic
AuthUserFile /var/domain/www.mydomain.com/private_stuff/.htpasswd
require valid-user

Or an alternate AuthUserFile line:

AuthUserFile /var/home/myname/public_html/private_stuff/.htpasswd

Now FTP the .htaccess file into your protected directory and you are finished. If you want to add more usernames and passwords for the protected directory, just go to your htpasswd.html page in your browser again and use it to add more (that page and the directory it is in will now be password protected with the initial username and password you assigned).

Troubleshooting
NOTE: If you are on a Windows machine and using Notepad for your text editor, Windows will by default add a .txt extension to the end of your file name (i.e. .htaccess.txt). If the file has a a file extension, the web server will not use it and it will not work. In order to prevent Windows from adding the .txt to your filename, a work-around is, when doing a "Save As" of your file, to enter the file name in quotes, i.e.. ".htaccess". You may also be able to change the file name after uploading in your FTP program browser window.

Return to the FAQs