Password-protecting directories

From DreamHost
Jump to: navigation, search

Overview

The following describes how to enforce authentication/password protection using .htaccess on a domain or subdirectory. There are two ways to create the .htaccess file:

  • Through the panel, or
  • Manually creating an .htaccess file.

This guide covers both options.

Creating an .htaccess file in your panel

Important icon.png Warning: The following procedure overwrites any .htaccess file you may already have. Be sure to backup your existing .htaccess file before beginning the steps on this page.


  1. Navigate to the (Panel > ‘Goodies’ > ‘Htaccess/WebDAV’) page.
    A list of your domains appear on the Htaccess/WebDAV page. Domains must be fully-hosted in order to display here:
    01 Password Protecting Directories.fw.png
  2. Click the domain you wish to password protect.
  3. Click the Set Up a New Directory button.
    The WebDAV configuration page appears:
    02 Password Protecting Directories.fw.png
  4. Make your selections based on the information described in the following table.
    Field
    Field Name
    Action and Description
    1callout.png
    Directory name
    Enter the directory you'd like to protect (leave it blank to protect the entire domain.)
    NOTE: If you wish to password protect a subdirectory, you must first create it in your FTP account.
    2callout.png
    Password-protect this dir?
    Check this box.
    3callout.png
    Enable WebDAV on this dir?
    You can leave this unchecked if you don’t need to use WebDAV on this domain.
    4callout.png
    Directory “name”
    Enter the name you'd like to call this area (this will appear in the pop-up window asking for your password).
    5callout.png
    User accounts for this area
    Enter a username and password that will be allowed access to the password-protected domain/directory. Each line consists of a single username password in the format 'username password'. In the screenshot above, ‘username1’ uses the password ‘password1’.
  5. When you finish entering the selections, scroll down to the bottom of the page and click the Configure This Directory button.

Within 10 minutes, this directory on your site will be protected.

Testing the .htaccess file

Once everything is configured, a new .htaccess and .htpasswd file appear in your website’s directory. The .htaccess file consists of the following code:

### Generated by Dreamhost. DO NOT modify!!! ###
AuthType Basic
AuthUserFile /home/exampleuser/websitehelp.support/public/.htpasswd
AuthName "Members Area"
require valid-user
################################################

The .htpasswd file only shows the encrypted password you chose for username1:

username1:$1$MVq7Nkc/$GTaN0dRkCsiXJpFNxYs8V.
When you visit your website in a browser, a popup authentication box appears that asks you to enter your credentials:
03 Password Protecting Directories.fw.png

Only the users you added through the panel in the ‘User accounts for this area' field are able to access the site.

Manually protecting a directory

Sometimes you may need more control over how your directories are password protected, such as when you wish to assign groups access instead of individual users. Or, you might already have an .htaccess file in a directory and you don't want the automatically-generated one to overwrite it. If so, you can manually create and edit the .htaccess file instead of using the panel.

Creating and editing an .htaccess and .htpasswd files

View the .htaccess authentication article for further details on how to manually password protect a directory or file.

See also