Creating Password Protected Web Directories

The following is a short documentation for creating password protected web pages on the Blue Moon. This information can provide a simple and effective way to password protect web pages.

The method is simple. Direct the web server to a password database file which contains lines in the form of: "username:encrypted_password". This method provides no way of "expiring" accounts nor any other complicated authentication procedures. Such methods would be up to the reader of this documentation to develop.

First, it is necessary to create a file in the protected directory called ".htaccess". This contents of this file should look something like this:

AuthUserFile /put/the/path/to/the/password/file/here
AuthGroupFile /dev/null
AuthName Put_Your_Resource_Name_Here
AuthType Basic

<Limit GET>
require valid-user

AuthUserFile The argument is the path name of the password database file to use. For instance: /usr/users/myname/html/.mypasswords
AuthGroupFile Not explained in the document. Use "/dev/null".
AuthName The name of this resource. For example: Top Secret Web Site
AuthType Use as given.

Here is an example .htaccess file:

AuthUserFile /usr/users/myname/html/prot/.htpasswd
AuthGroupFile /dev/null
AuthName My Secret Little Place
AuthType Basic

<Limit GET>
require valid-user

Now, there must be a password file. There is a simple utility to maintain a password file. This program is called "htpasswd", and can be run from a shell. Webmasters Please Check HERE for how to create the the password file online without a shell account.

The syntax is as follows:

htpasswd <file> <username> [password]
htpasswd -c <file> <username> [password]
htpasswd -d <file> <username>
In the above lines, <file> is the name of the password file. <username> is the name of the user to be added to or modified in the database. [password] is the password to be encrypted in the database file. If the password is not given on the command line, the person who runs this program is prompted for the password.

If the -c option is used, the password file is created from scratch. This means that if this <file> exists, the contents are lost.

If the -d option is used, the <username> in the database is deleted.

If no - option is specified, then <username> is added to the database.

Here are a few examples:

htpasswd -c /usr/users/myname/html/prot/.htpasswd fakeuser testpass
htpasswd /usr/users/myname/html/prot/.htpasswd testuser
htpasswd -d /usr/users/myname/html/prot/.htpasswd fakeuser
The first line creates the file, "/usr/users/myname/html/prot/.htpasswd", then adds the user "fakeuser" with the password "testpass". The second example adds the user "testuser" to the same file, then prompts for a password to be used. The third example deletes "fakeuser" from the password file.

Note for domain customers:

We have a page which uses the "htpasswd" utility. Direct your browser to "". For security reasons, you must input your username and password in order to use htpasswd.

We have also developed a page to generate the ".htaccess" file when given a directory to protect, a resource name, and the path of the password database. This page can be found at "".

All paths inputted to the programs are referenced just like in an FTP to your domain web space. (For example, the path to your domain's main page would be /home.html or /index.html)

Send Email to Webmaster

Be sure to replace " AT " with @ in your mailer

© 1998 - 2006 Blue Moon Internet Corp.

Unauthorized Use Prohibited