I have a directory on my website that I need to make sure no one but myself can get into. From the reading I’ve done, it looks like there are two ways to protect a directory:
- Password protect the directory using the .htaccess file
- Deny access to all IP addresses but my own from accessing the directory, also using the .htaccess file
I need to protect the files in the directory as securely as possible, so I figured I’d use both of those methods for double protection.
Question 1: Am I missing anything? (i.e. is there another layer of protection I can add?)
Question 2: What would I need to put in a .htaccess file to get the above to work?
Your .htaccess file would contain:
The .htaccess file goes in the directory you’re trying to protect.
You also need a .htpasswd file (shown above as /usr/local/nate/safe_place/.htpasswd) which contains the text username:password_hash. So if we use “nate” as an example and “secret” as the password (please don’t use that) you get:
You can use this tool to generate your own password file: http://www.tools.dynamicdrive.com/password/
Just make sure that no one can read your .htpasswd file. Also note that basic authentication does no encryption by itself. If you’re on an open network, anyone can see your password and all the secret data going over the network. Make sure you visit your site via https if it’s really that secret.
You can read more about .htaccess files here: http://www.javascriptkit.com/howto/htaccess.shtml
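
An added example, not part of the original answer: one way to combine both protections from the question (password and IP restriction) with the HTTPS requirement mentioned above, in a single .htaccess file. It assumes Apache 2.4 with mod_ssl and an AllowOverride setting that permits AuthConfig; the address 203.0.113.10 and the realm name are placeholders, and the password file path is the one used in the answer.

```apache
# .htaccess placed in the directory to protect (added example, Apache 2.4 syntax).

# Refuse any request that did not arrive over HTTPS, so the Basic
# credentials and the protected files are never sent in clear text.
SSLRequireSSL

# Password protection. Keep the password file outside the web root.
AuthType Basic
AuthName "Restricted area"
AuthUserFile /usr/local/nate/safe_place/.htpasswd

# Both conditions must hold: a valid login AND the allowed client address.
# (With the default RequireAny behaviour, either one alone would be enough.)
<RequireAll>
    Require valid-user
    # Placeholder address: replace with your own public IP.
    Require ip 203.0.113.10
</RequireAll>

# Never serve .htaccess / .htpasswd themselves, even to an authenticated user.
<Files ".ht*">
    Require all denied
</Files>

# Apache 2.2 equivalent of the <RequireAll> block above:
#   Order deny,allow
#   Deny from all
#   Allow from 203.0.113.10
#   Require valid-user
#   Satisfy All
```

A request from another address, without a valid login, or over plain HTTP should be refused; check each case separately after deploying, since a typo in the file can leave only one of the layers active.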