Note: The following apache modules have been renamed by Apache.
Some Modules have been renamed and offer better support for digest authentication. For example, mod_auth is now split into mod_auth_basic and mod_authn_file; mod_auth_dbm is now called mod_authn_dbm; mod_access has been renamed mod_authz_host. There is also a new mod_authn_alias module for simplifying certain authentication configurations
I use xampp for all my webhosting needs, and store it in C:xampp
Get xampp from www.apachefriends.org
Make sure that directory C:xamppApachebin is specified under the System Path variable. We will use a program named htpasswd.exe, that is contained under the mentioned directory, to create a password file for the specified users.
Create the protected Directory
This section will show you how to create directory “lordmwesh” outside the Web-Server’s webroot directory “C:xampphtdocs” using the command prompt.
Open the Windows command-shell via Start » Run… cmd.exe
Change to the drive letter of your Web-Server Suite’s root directory (this is the drive you installed the Web-Server Suite under; for this example we will use drive “C:”)…
Change to the path of your Web-Server Suite’s root directory (for this example we will use path “xampp”)…
C:…> cd xampp
Create the directory you want to restrict access to with a user/password prompt (we will create directory named “lordmwesh”)…
C:xampp> mkdir lordmwesh
Change to your newly created directory…
C:xampp> cd lordmwesh
Create user/password file
Continuing from the previous section, we are now ready to use htpasswd.exe to create a file named “.htpasswd”: this file will contain user names with their respective passwords (the passwords will be encrypted before placed under the file).
This 1st line (with switch “-c” — that will not be repeated in the following lines) will create a file named .htpasswd under the current directory (C:xampplordmwesh). The password given will be encrypted by the htpasswd.exe program (due to the “-m” switch — MD5 encryption).
User named “user1” with password “passuser1” is specified 1st…
C:xampplordmwesh> htpasswd -cmb .htpasswd user1 passuser1
Add user named “user2” with password “passuser2” to the .htpasswd file…
C:xampplordmwesh> htpasswd -mb .htpasswd user2 passuser2
Add user named “raila” with password “kibaki” to the .htpasswd file…
C:xampplordmwesh> htpasswd -mb .htpasswd raila kibaki
Configuration — httpd.conf
We can now edit Apache’s httpd.conf file to bring everything together.
Edit file C:xamppapacheconfhttpd.conf
Make sure that the following two ‘LoadModule’ lines are uncommented, by removing the beginning “#” character…
(These ‘LoadModule’ lines should already be uncommented, by default). This is for
Note that those using Apache1, and Apache2 should check for the correct Module file requred. Apache1 use mod_access.so. Apache2 use mod_authz_host.so
LoadModule access_module modules/mod_access.so #Line 1 for those using Apache1
LoadModule authz_host_module modules/mod_authz_host.so #ine 1 for those using Apache2
LoadModule alias_module modules/mod_alias.so
Uncomment the following two ‘LoadModule’ lines, by removing the beginning “#” character…
(The 1st line is required for directive ‘AuthUserFile’)
(The 2nd line is required for directive ‘Options Indexes’: to display the index of a directory)
LoadModule auth_module modules/mod_auth.so
LoadModule autoindex_module modules/mod_autoindex.so
Deny from all
Alias /lordmwesh “/xampp/lordmwesh”
Allow from all
AuthName “Private Access”
Save file and Restart Apache…
(from the command prompt type the following)
> net stop Apache
> net start Apache
Test protected Directory
Enter one of the user/password combinations…
You should now see either the directory structure, or (if you have an index.htmlphp file under the accessed directory) your index file.
To [truly] logout as the user, you must close the browser window.
Advanced Configurations and Features
You can also grant/restrict access to the user/password protected directory with IP addresses…
Replace the original “
(or simply replace the first two lines of the original block)
Deny from All
AuthName “Private Access”
Below the line…
Require valid-user..add the following code…
Allow from 127.0.0.1
…if you access the protected area from your local system (IP address — 127.0.0.1), there will be no need to enter a user/password combination.
(Note that you can add multiple “Allow from ip-address” statements to grant access)
…by using the following code instead…
Allow from 127.0.0.1
…you will have to access the protected area from your local system (IP address — 127.0.0.1) AND will need to enter a valid user/password combination.