K12USA Support Knowledge Base

Using .htaccess For Access Restrictions



If your site is configured to allow authentication, then use these guidelines for setting up a private area for your site.  If you are unsure if this is configured for your site, or need it turned on for your site, please call customer service.

Applies To

Web Hosting

More Information

First, you'll need to set up a password file, named ".htpasswd".  It should be located in a directory called "etc".   Your .htpasswd is the file used to keep your web access passwords.  To create your password file, use the "htpasswd" command at the grace prompt, like the example below:

% htpasswd -c ~/etc/.htpasswd web_user

Here web_user is the username required to view your pages. The "-c" flag after the htpasswd command is used to create a new file. Do not include that flag if you are adding new passwords to an existing file. The example above creates a new .htpasswd file in your ~/etc/ directory. ~/ is a Unix synonym for your home directory. For example, running the following command will return you to your home directory.

% cd ~

To create the etc/ directory for the password file, use the "mkdir" command, as shown in the example below:

% mkdir ~/etc

Next, create the ".htaccess" file which will restrict web access to your homepages. This file is placed in the same directory as the web pages that you want to restrict access to. For example, if you wanted to protect your photos directory, you would put the .htaccess file in your ~/websites/ directory. A sample .htaccess file looks like this:

AuthUserFile /home/user/etc/.htpasswd
AuthGroupFile /dev/null
AuthName X_Files_Area
AuthType Basic
require user daffy donald

The file above, when placed in your websites/ directory, restricts access to that directory to web viewers who authenticate with usernames "daffy" or "donald" and their respective passwords as defined in your .htpasswd file. In this case, it is located at ~/etc/.htpasswd.

Finally, after creating your .htaccess and .htpasswd files, use the "chmod" command to make sure that they are world-readable and also that your ~/etc directory is world-executable and world-readable. You do that by typing:

% chmod a+rx ~/etc
% chmod a+r ~/etc/.htpasswd ~/websites/
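
A pre-deployment check for the files created above, as an added example that is not part of the original article: it reads an .htaccess and the matching password file and reports missing directives, an AuthUserFile that is not a full path or that sits inside the web directory, and "require user" names with no password entry. The function names, the web directory /home/user/websites and the sample password entry are assumptions made for illustration.

```python
import posixpath
import shlex

def parse_htaccess(text):
    """Map each directive name (lower-cased) to its argument list."""
    directives = {}
    for line in text.splitlines():
        parts = shlex.split(line, comments=True)  # drops '#' comments
        if parts:
            directives[parts[0].lower()] = parts[1:]
    return directives

def htpasswd_users(text):
    """User names from htpasswd content: one 'name:hash' entry per line."""
    return {ln.split(":", 1)[0] for ln in text.splitlines() if ":" in ln}

def audit(htaccess_text, htpasswd_text, web_dir):
    """Return a list of problems; an empty list means the checks passed."""
    d = parse_htaccess(htaccess_text)
    problems = [f"missing {name} directive"
                for name in ("AuthType", "AuthName", "AuthUserFile", "Require")
                if name.lower() not in d]
    pw_file = " ".join(d.get("authuserfile", []))
    if pw_file and not pw_file.startswith("/"):
        problems.append("AuthUserFile is not a full path")
    elif posixpath.normpath(pw_file).startswith(posixpath.normpath(web_dir) + "/"):
        # A password file under the served directory could be fetched over HTTP.
        problems.append("password file is inside the web directory")
    req = d.get("require", [])
    if req[:1] == ["user"]:
        known = htpasswd_users(htpasswd_text)
        problems += [f"required user '{u}' has no password entry"
                     for u in req[1:] if u not in known]
    return problems

# Constructed sample input: the article's sample .htaccess, and a password file
# holding only the web_user account from the htpasswd example (fake hash).
SAMPLE_HTACCESS = """\
AuthUserFile /home/user/etc/.htpasswd
AuthGroupFile /dev/null
AuthName X_Files_Area
AuthType Basic
require user daffy donald
"""
SAMPLE_HTPASSWD = "web_user:$apr1$constructed$notARealHashValue0000\n"

if __name__ == "__main__":
    for problem in audit(SAMPLE_HTACCESS, SAMPLE_HTPASSWD, "/home/user/websites"):
        print(problem)
```

Run against the samples, it flags that "daffy" and "donald" are required by the .htaccess but only web_user has a password entry, so nobody could log in until those accounts are added with htpasswd.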

All directives must be typed as shown, except for information in parentheses. Information in parentheses is shown for syntactical purposes only, and must be defined by the user.

Restricting access by IP or hostname/domain

To allow access only to a group of IPs. This example allows access only to hosts within the 65.112.222 class C range.

Order Deny,Allow
Allow from 65.112.222
Deny from All

To allow access only to a group of hosts or networks. This example allows access only to hosts within the domain.

Order Deny,Allow
Allow from
Deny from All

Restricting access by authentication (password protection)

Using your own password file; Allow any user in password file

AuthType Basic
AuthName (name)
AuthUserFile (full path to password file)
require valid-user

Using your own password file; Allow only specific user(s)
Note: (user list) is a space-separated list of usernames, not a file.

AuthType Basic
AuthName (name)
AuthUserFile (full path to password file)
require user (user list)

Last Modified: 12 Years Ago
Last Modified By: bmccann