Originally Posted on BinaryEquine.com

I just set up some message boards that I only want to let a few select people use. Now I could have probably set something up so that you would have to be a registered member to see any content posted on the message board but for the purpose of educating myself (and hopefully you too) on how to password protect directories on your web server I choose to do something else.

First off you should be semi-familiar with the Terminal application. I will provide you with the exact command you need to create one of the files needed. You should also be familiar with OS X Server since this is what this will apply too!

First, open up a text editor. Next copy and paste the follow into the empty file:

AuthName “auth”
AuthType Basic
AuthUserFile /Library/WebServer/Documents/directory/where/password/is/kept/.htpasswd
require valid-user

For the line: AuthUserFile /Library/WebServer/Documents/directory/where/password/is/kept/.htpasswd, you’ll obviously want to change that to where you’re actually going to keep the file with the password in it.

I had the most luck with keep it in the main web server directory. I put mine in the actual directory I was protecting. The password you set does get hashed so it’d be near impossible for anyone to figure it out. So now that you have created and added in the contents to this file, save it as .htaccess. You might get an error or warning on saving of the file but just choose to use the . in the beginning of the file name. Make sure you saved this file in the directory you want to protect, this is important! Now we have created the file that tells the web server we want to password protect a directory.

The next step is making the password. Open up Terminal (found in Applications >> Utilities). Then move to the directory where you saved your .htaccess file by using the following command:

cd /Library/WebServer/Documents/admin/

Your command might be different, the above is just an example. The root of your web server is:


To make the password file you can copy and paste this command into Terminal:

htpasswd -c .htpasswd [username]


htpasswd -c .htpasswd admin

You will then be prompted to input a password, and then to confirm the password

This will create a file with the username admin and whatever password you chose. You can change the username to anything you would like though and use whatever password you want. This file will be saved right into the directory you want to protect so long as you ran the command from that directory.

So now you have your 2 “protection” files but there’s one last step. In Terminal navigate to your web server configuration directory:

cd /etc/httpd/sites/

Now type:


You should get a list of files. These are the configuration files of the web sites on your server. I had about 5-6 of these files but you may only have one, they look something like, ‘0003_any_80_horse13.com.conf’. Type in:

sudo nano [name of config file]

You will enter a command line text editor after inputting your administrative password. This is a system file so you will need administrative access to edit and save it.

The command line text editor isn’t so bad! You will need to find the line that looks something like:

AllowOverride None

it’s about 30 lines down or so. Change it to:

AllowOverride All

You can save it by hitting Ctrl+O and then you can exit by hitting Ctrl+X. You can now use the GUI tool, Server Admin to restart your web server.

Go to the website you’re trying to password protect in your web browser and it should now prompt you for a username and password each time you access that directory/site.


You may also like

Leave A Comment

Please enter your name. Please enter an valid email address. Please enter message.