How to use htpasswd to create protected directories in XAMPP / Apache

Created 17 years ago by Matt,
Last updated August 5th 2024, 3:50:07 pm

I recently needed to protect some directories on my machine, on which I have XAMPP for Windows (Apache, MySQL, PHP) installed.

Incidentally, there is also a portable version that will run from a memory stick, meaning you can set up a web server on any machine (running Windows) by plugging in the stick and starting the server! :)

The issue I had was creating protected (web) directories. After searching around a bit, I found that no-one had a simple guide to doing this (that I could find), so I thought I'd put a simple example here! :)

There are two parts to this: the first is creating the passwords file, the second is protecting the directory with a password.

Part 1

The first task is to find a program that will do the work for you. In XAMPP it resides under the xampp/apache/bin/ directory. On my machine that is at C:\xampp\apache\bin\htpasswd.exe.

This program will create a user and a password in a specified file (normally .htpasswd). Open a command prompt and run the following command to create the password file for the first time (to add new users later, simply omit the -c):

htpasswd.exe -c -b .htpasswd frank apassword

This will create a new password file called .htpasswd with the username frank and the password apassword. (The -b option tells it to take the password from the command line; if you omit the -b and the password, the program will ask you to type the password in twice to confirm.) Shown below:

C:\xampp\apache\bin>C:\xampp\apache\bin\htpasswd.exe -c C:\xampp\example\passwords\.htpasswd frank
Automatically using MD5 format.
New password: *******
Re-type new password: *******
Adding password for user frank

NOTE: the password file should not be web accessible, so make sure its path is somewhere above the root of your web directory, not inside it.

On my machine, I would type:

C:\xampp\apache\bin\htpasswd.exe -c -b C:\xampp\secret\hidden\place\.htpasswd frank apassword

On some installations you may need to restart Apache for the changes to take effect.

Part 2

The next step is to protect the directory. This means putting a file into it that will cause Apache and the web browser to prompt for a username and password.

Simply put the following information into a file called .htaccess, and put the file into the directory to protect.

AuthName "Protected Area"
AuthType Basic
AuthUserFile C:/xampp/secret/hidden/place/.htpasswd
require valid-user

Note the direction of the slashes (forward slashes). This may not be an issue, but it is worth checking.

The AuthUserFile should be the location of the password file you just created. This can be absolute or relative (I believe). AuthName is normally shown by the browser when asking for the username and password.
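To check the NOTE about keeping the password file out of the web directory against the .htaccess file above, the following added example (not part of the original post) reads the AuthUserFile path, tests whether it resolves to a location inside the web root, and reports which hash format each password entry uses. The web root C:\xampp\htdocs, the server root C:\xampp\apache, the sample hash value and all function names are assumptions made for this example.

```python
import ntpath
import re
from pathlib import PureWindowsPath

# Constructed sample inputs; the hash value is made up, only its prefix matters.
HTACCESS = '''AuthName "Protected Area"
AuthType Basic
AuthUserFile C:/xampp/secret/hidden/place/.htpasswd
require valid-user
'''
HTPASSWD = "frank:$apr1$constructed$notARealHashValue000000\n"
DOCROOT = r"C:\xampp\htdocs"      # assumed XAMPP web root
SERVER_ROOT = r"C:\xampp\apache"  # assumed ServerRoot, base for relative paths

def auth_user_file(htaccess_text):
    """Return the AuthUserFile value from .htaccess text, or None."""
    for line in htaccess_text.splitlines():
        m = re.match(r'\s*AuthUserFile\s+"?([^"]+?)"?\s*$', line, re.I)
        if m:
            return m.group(1)
    return None

def is_web_accessible(path, docroot=DOCROOT, server_root=SERVER_ROOT):
    """True if the password file resolves to a location inside the web root."""
    # ntpath accepts both slash directions and collapses ".." on any OS.
    full = PureWindowsPath(ntpath.normpath(ntpath.join(server_root, path)))
    root = PureWindowsPath(ntpath.normpath(docroot))
    return root == full or root in full.parents  # case-insensitive compare

def hash_scheme(entry):
    """Classify the hash format of one 'user:hash' line."""
    h = entry.strip().partition(":")[2]
    if h.startswith("$apr1$"):
        return "apr1-md5"  # the "MD5 format" htpasswd announces
    if h.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    if h.startswith("{SHA}"):
        return "sha1"
    return "crypt-or-plaintext"

def audit(htaccess_text, htpasswd_text):
    """Return (password file exposed?, {user: hash format})."""
    target = auth_user_file(htaccess_text)
    exposed = target is not None and is_web_accessible(target)
    users = {l.split(":", 1)[0]: hash_scheme(l)
             for l in htpasswd_text.splitlines() if ":" in l}
    return exposed, users

if __name__ == "__main__":
    print(audit(HTACCESS, HTPASSWD))
```

A relative AuthUserFile value is resolved against the server root here, so a path such as ../htdocs/.htpasswd is still reported as exposed.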

Hope this helps! :)

This post now appears on mattstabeler.co.uk/blog/

Comments

  1. Great, It works, I was searching for this many weeks, finally found a working solution. Thanks.... - anees4ever on Fri Feb 08 2013 05:02:00 GMT+0000 (Coordinated Universal Time)
  2. Thanks so much! Works perfectly :) - Beth on Sun Nov 17 2013 03:35:41 GMT+0000 (Coordinated Universal Time)