Your Virtual Private Server Apache Web Server supports user authentication. In other words, it allows you to create password protected directories on your Virtual Private Server web site. Let's say you want to restrict access to a the following directory to those with a valid username and password.



You can configure password authentication by connecting to your server via SSH as the administrative user for the domain you are managing, and following the steps below:

  1. Create a file named .htaccess in your /www/htdocs/secure directory that restricts access to the directory. In our example, we will allow one user (admin) to access the directory. The .htaccess file must reside in the directory it will be controlling, so we must put it in the /www/htdocs/secure directory.

    You can either create the .htaccess file while connected to your server (using a file editor like ee or pico, for example) or you can create the file on your own PC and Upload it to your Virtual Private Server. The file should contain the following text:

    AuthUserFile /etc/.htpasswd
    AuthGroupFile /dev/null
    AuthName "Secure Area Name"
    AuthType Basic
    <Limit GET>
    require user admin

    Replace "Secure Area Name" with the name of the secure area. If multiple users need access to the directory replace the require user line with:

    require valid-user

    This will allow any user defined in the .htpasswd file to log in to that area of the site.

  2. Use the htpasswd command to set a password for the user(s).

    The AuthUserFile path is the path to where the .htpasswd file is located. The .htpasswd file contains both logins and encrypted passwords for the authorized users. Use the htpasswd command to set a password for the new user. You will be prompted to enter the password after running the following command

    # htpasswd -c /etc/.htpasswd admin

    You are free to use a different name or directory location for the password file. Just change the /etc/.htpasswd above to whatever you want, and modify the AuthUserFile path above to point to the new file. We recommend locating the .htpasswd file outside of the web site folder, for example in /home/user/www/.htpasswd instead of/home/user/www/

    The -c flag indicates that you are adding a user to /etc/.htpasswd for the first time. When you add more users and passwords to the same password file, the -c flag should not be used since it will erase and recreate the file.

    # htpasswd /etc/.htpasswd john
    # htpasswd /etc/.htpasswd mike
    # htpasswd /etc/.htpasswd bob

More Information

The best place to learn about user authentication is from Apache's documentation.

Please note: the information on this page applies to ITS web hosting plans. It may or may not apply to other environments. If you are looking for a feature described here, or better support from your hosting provider, please consider hosting your site with ITS!

1555 N Naperville/Wheaton Road, Suite 107
Naperville, IL 60563
phone 630.420.2550
fax 630.420.2771