Apache .htaccess Access Control Configuration
The .htaccess file must be placed in the directory you want protected. It must contain the following:
AuthUserFile /var/www/<server_name>/htdocs/<directory_name>/.htpasswd AuthGroupFile /dev/null AuthName "Private" AuthType Basic require valid-user
.htpasswd is the list of authorized usernames and passwords. The format is as follows:
username1:password1 username2:password2 ...
Passwords are in an encrypted form. Use the command htpasswd to create them:
htpasswd [-c] passwordfile username
Only use the -c option one time, or it will wipe out the contents of any existing .htaccess file
It is suggested that both .htaccess and .htpasswd by owned by root:root and have 0644 permissions.
You might also want to customize the response given to an unauthorized access attempt ("401: Unauthorized"). The following line is an example of what you can add to .htaccess:
ErrorDocument 401 http://www.my_server.com/401.html
This will direct unauthorized requests to the file "401.html" in the htdocs root directory
This can be done for any of the error codes ("404: Not found" and "403: Forbidden", for example).