Password Protecting Directories with .htaccess

Password Protecting Directories

This simple program will allow you to manually mange users using unix .htaccess files. The technology is dated primarily because of the limitations. The htaccess method works very well for small numbers of users.

It is still the most popular method for password protecting a directory. By placing a smple .htaccess file in a web directory pointing to a password list you can limit all accesses to that directory.

The primary limit of the technology is due to the process of reading the password list on every request. That inclues every text file and every image. If there are 100 images on a page the password file will be read 100 times for the single user.

With password files exceeding 10,000 users the process can severely slow down server performance. So most companies working with large numbers of users have developed encrypted cookie based password systems.

UNIX is also case sensitive. So the passwords are case sensitive making it very difficult for users that do not understand programing. This is one of the big reasons for using other password systems so that it is easier for the end user.

However the technology is still superior for small numbers of users. And it is easy to use and manage as well as being highly configurable.

Try the DEMO Password Protection

I have written a simple program to add users to a password file.

There are only 2 files you need. The adduser.cgi and the .htaccess file.

The .htaccess file needs to point to the password file and be placed in the directory you want to protect.

The .htaccess file is a plain text file with the following text:

AuthName "Authorized Users Only"
AuthType Basic
AuthUserFile /path_to_passfile/.htpasswd

require valid-user

Modify the actual path to your .htpassword file and place the file in any directory. Now the only way you can access any files in that directory or any sub directory is by authenticating the username and password.

To create the actual password file.

Modify the path to the password file in the adduser.cgi.

Upload the adduser.cgi and chmod 0755.

Then just access the adduser.cgi via your web browser and add all the usernames and passwords you need. The first thing you will want to protect is the adduser.cgi. Or remove the program after you create the passfile.

You can create multiple passfiles and protect different directories with different passwords. This allows you to create an administrative directory to manage users while providing access to a members or subscription area to those users.

You can remove users, by editing the password files and just removing the line for that user.

This is a simple solution that is well written so you can expand on it easily. Work the sub routines into a membership program or forum signup. We are more concerned with showing you how to set up the program rather than providing a fully developed password system. This program will provide you with the basic tool to begin developing password protection.

The demo program on this website also uses the image verification to prevent bots from tripping the form. You wont need that option in your script since you wont be letting anyone make their own passwords. The demo is a dressed up version of the free script you can download.

Because of high demand for this tool, we have added a more complete script for managing passwords with the ability to manage multiple directories, add, remove and access user details.

Get the advanced password manager for perl