Sometimes, to prevent unauthorized access to a folder or file, it is necessary to add an authorization lock where access to the resource will only be granted after entering the correct username and password.
Securing Access to a Folder
Access to a folder using authorization credentials can be set up in two ways:
1) Setting up a folder access lock via cPanel
To set up protection via cPanel, go to cPanel -> Directory Privacy.
After navigating, all the folders located in the home directory of the account will be displayed. To block access to a website folder, first go to public_html by clicking on the folder name (see the image below), and then click Edit next to the selected domain folder (for the purposes of this guide, we will add a lock to the folder of the client-domain).
After clicking Edit, check the box “Password protect this directory” and click Save.
After saving and returning to this page, you will be able to enter a username and password. After entering the credentials, click Save.
The folder lock has been set up. Now, when you access the site, a login window will appear:
NOTE
If, after accessing the site, a 404 error appears instead of the login window, add the following line to the .htaccess file:
ErrorDocument 401 default
After adding this line, the login page should display correctly.
2) Setting up a folder access lock via .htaccess
An alternative way to set up this protection is to add rules to the .htaccess file and create a password file. To do this:
- Navigate to the application folder and edit the .htaccess file.
- Add the following lines to the .htaccess file:
AuthType Basic
AuthName "Protected 'This is a folder lock'"
AuthUserFile "/home/user/.htpasswds/public_html/client-domain/passwd"
Require valid-user
In AuthUserFile, specify the path to the password file (passwd), which will be created in the following steps. - After adding the record to .htaccess, create a passwd file with the login and hashed password in the path defined in the previous step (AuthUserFile). In the file, it should look like this:
login:passwordHash
The hash can be generated e.g. via https://onlinephp.io/password-hash
After adding the above entries, when accessing the locked directory, a login page should appear where you need to enter the previously defined username and password.
NOTE
If, after accessing the site, a 404 error appears instead of the login window, add the following line to the .htaccess file:
ErrorDocument 401 default
After adding this line, the login page should display correctly.
Securing Access to a File
To secure access to a file only after authorization, you need to add rules to the .htaccess file and create a password file. To do this:
- Navigate to the application folder and edit the .htaccess file.
- Add the following lines to the .htaccess file:
<Files file_to_block.php>
AuthType Basic
AuthName "My file access lock"
AuthUserFile /home/user/.htpasswds/public_html/client-domain/.htpasswd
Require valid-user
</Files>
Replace file_to_block.php with the name of the file you want to protect. In AuthUserFile, specify the path to the password file (passwd), which will be created in the following steps. - After adding the record to .htaccess, create a passwd file with the login and hashed password in the path defined in the previous step (AuthUserFile).
After adding the above entries, when accessing the locked directory, a login page should appear where you need to enter the previously defined username and password.
NOTE
If, after accessing the site, a 404 error appears instead of the login window, add the following line to the .htaccess file:
ErrorDocument 401 default
After adding this line, the login page should display correctly.
- How to Restrict Access to a File/Folder with Authentication - September 13, 2024
- 301 Redirects – When and Why You Should Use Them - September 13, 2024
- Configuring Outlook on Android Devices - September 13, 2024