htaccess is a simple mechanism to tell your webserver how to treat a certain directory or set of files. The most common use of htaccess it to require users to enter a username and password to access them. (Note: htaccess it not really secure, so if you use it, you should never use it with secure passwords that are used for other things.)
Example
Access of secret/hello.html requires a username of "guest" and a password of "secret". This is controlled by secret/.htaccess with the allowed username/password(s) specified in secret/.htpasswd, the latter being generated by running
htpasswd -c .htpasswd guestat the unix shell.Documentation
Here are the files you typically use to setup htaccess.
- The .htaccess file must live in the directory you want to protect. Here is an example:
AuthUserFile /l/htaccess/.htpasswd AuthName "QSHOP Team" AuthType Basic Satisfy Any <Limit GET PUT POST> order deny,allow deny from all require valid-user </Limit>- The .htpasswd can live anywhere, although it should live somewhere not web visible. It contains a list of username:password lines, where password is encrypted. This file is generated by the htpasswd command. Warning: do not use passwords which are used elsewhere, as htaccess it not really secure.
Here is a typical .htpasswd file:
paul:u4327do43uaednq2 karl:oekg7d5.vhe.42gdl giza:d73h45c879x3./dk- .htgroup - this optional file allows you to setup groups of usernames, such groups then being able to be referred to by group name vs. having to list each user for each directory you want to protect.
Here is a typical .htgroup file:
qshop: paul karl giza