Using access restriction on Web pages


Important:Access restriction applies to a certain directory, not a certain file or HTML document. Documents that are to be restricted should be put in directories separate from those you want unrestricted.


A .htaccess file must be created in the directory that the user wants to secure. (Multiple directories can have .htaccess files, but there can only be one .htaccess file per directory.)

  1. While in the directory you want to secure, edit a file called .htaccess using your favorite text editor.

  2. The .htaccess file contains 2 sections:

    1. The first section of .htaccess must contain 4 lines:
      AuthUserFile {path to .htpasswd file}
      AuthGroupFile {path to .htgroup file}
      AuthName {title for dialog box}
      AuthType Basic
    2. The second section is a bit trickier. It will contain 3 parts:
      <Limit GET>
      {access instruction to be executed}
      </Limit>
  3. Unix file permissions for the ".htaccess" file must be set so that everyone (ie. owner,group, and other) has read permissions.

  4. That's all there is to it! If you are still confused, though, feel free to check out NCSA's User Authentication Tutorial. NCSA gives some helpful examples for each step.