Gentoo – Protecting Web Directories With .htaccess


In this guide I will show you how to protect your localhost web root with .htaccess and .htpasswd files. By doing this a username and password will be required to enter the site. Let’s get started! As root do the following:

  • touch /var/www/localhost/htdocs/.htaccess
  • touch /etc/apache2/httpd-passwords

Ok now we need to generate an encrypted user/passwd combo for our /etc/apache2/httpd-passwords file so do the following:

htpasswd /etc/apache2/httpd-passwords yourusername

This will prompt you for a password and then again for a confirmation of the password. Once it is finished it will automatically create the entry in the /etc/apache2/http-passwords file.

Here is an example entry for the user root with the password of 12345:


Now type

nano -w /var/www/localhost/htdocs/.htaccess

and insert the following lines into the file:

AuthUserFile  /etc/apache2/httpd-passwords
AuthType Basic
AuthName restricted 
Require valid-user 

Thats it! Now when you go to http://your_server_ip you will be prompted for a username and password. There is so much more that you can do with .htaccess files, this is just a start. Try doing a google search on .htaccess and do some experimenting!