How to Restrict Access to a File/Folder with Authentication

Sometimes, to prevent unauthorized access to a folder or file, you need to add an access lock so that the resource is served only after the correct username and password are entered.

Securing Access to a Folder

Access to a folder using authorization credentials can be set up in two ways:

1) Setting up a folder access lock via cPanel

To set up protection via cPanel, go to cPanel -> Directory Privacy.

The page then lists all folders in the account's home directory. To block access to a website folder, first open public_html by clicking the folder name, then click Edit next to the selected domain folder (in this guide, we add a lock to the client-domain folder).

After clicking Edit, check the box “Password protect this directory” and click Save.

After saving and returning to this page, you will be able to enter a username and password. After entering the credentials, click Save.

The folder lock has been set up. Now, when you access the site, a login window will appear.

NOTE

If, after accessing the site, a 404 error appears instead of the login window, add the following line to the .htaccess file:

ErrorDocument 401 default

After adding this line, the login page should display correctly.

2) Setting up a folder access lock via .htaccess

An alternative way to set up this protection is to add rules to the .htaccess file and create a password file. To do this:

  1. Navigate to the application folder and edit the .htaccess file.
  2. Add the following lines to the .htaccess file:
    AuthType Basic
    AuthName "Protected 'This is a folder lock'"
    AuthUserFile "/home/user/.htpasswds/public_html/client-domain/passwd"
    Require valid-user


    In AuthUserFile, specify the path to the password file (passwd), which will be created in the following steps.
  3. After adding the record to .htaccess, create a passwd file with the login and hashed password in the path defined in the previous step (AuthUserFile). In the file, it should look like this:
    login:passwordHash
    The hash can be generated, for example, at https://onlinephp.io/password-hash

After adding the above entries, when accessing the locked directory, a login page should appear where you need to enter the previously defined username and password.

NOTE

If, after accessing the site, a 404 error appears instead of the login window, add the following line to the .htaccess file:

ErrorDocument 401 default

After adding this line, the login page should display correctly.

Securing Access to a File

To allow access to a file only after authorization, you need to add rules to the .htaccess file and create a password file. To do this:

  1. Navigate to the application folder and edit the .htaccess file.
  2. Add the following lines to the .htaccess file:
    <Files file_to_block.php>
    AuthType Basic
    AuthName "My file access lock"
    AuthUserFile /home/user/.htpasswds/public_html/client-domain/.htpasswd
    Require valid-user
    </Files>


    Replace file_to_block.php with the name of the file you want to protect. In AuthUserFile, specify the path to the password file (passwd), which will be created in the following steps.
  3. After adding the record to .htaccess, create a passwd file with the login and hashed password in the path defined in the previous step (AuthUserFile).

After adding the above entries, when accessing the locked file, a login page should appear where you need to enter the previously defined username and password.

NOTE

If, after accessing the site, a 404 error appears instead of the login window, add the following line to the .htaccess file:

ErrorDocument 401 default

After adding this line, the login page should display correctly.
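
The following is an added example, not part of the original guide: a small Python audit of the two pieces configured in both .htaccess procedures above (the AuthUserFile directive and the login:passwordHash file). It assumes the web root is /home/user/public_html; the function names and sample entries are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Hash formats Apache accepts in a password file: (pattern, name, weak?)
# Unsalted SHA-1 and anything unrecognised (legacy crypt, plaintext) are flagged.
SCHEMES = [
    (re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$"), "bcrypt", False),
    (re.compile(r"^\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}$"), "apr1-md5", False),
    (re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$"), "sha1-unsalted", True),
]

def classify_hash(value):
    """Name the scheme of one stored hash and say whether it is flagged weak."""
    for pattern, name, weak in SCHEMES:
        if pattern.match(value):
            return name, weak
    return "crypt-or-plaintext", True

def auth_user_file(htaccess_text):
    """Return the AuthUserFile path from .htaccess text, quotes stripped."""
    m = re.search(r'^[ \t]*AuthUserFile[ \t]+"?([^"\n]+?)"?[ \t]*$',
                  htaccess_text, re.M | re.I)
    return m.group(1) if m else None

def audit(htaccess_text, passwd_text, docroot="/home/user/public_html"):
    """List problems; docroot is an assumed web root, adjust per account."""
    findings = []
    path = auth_user_file(htaccess_text)
    if path is None:
        findings.append("no AuthUserFile directive")
    elif PurePosixPath(docroot) in PurePosixPath(path).parents:
        findings.append(f"password file {path} is inside the web root")
    for n, line in enumerate(passwd_text.splitlines(), 1):
        login, sep, value = line.strip().partition(":")
        if not (login and sep and value):
            findings.append(f"line {n}: not in login:passwordHash form")
            continue
        name, weak = classify_hash(value)
        if weak:
            findings.append(f"line {n}: {login} uses weak scheme {name}")
    return findings

if __name__ == "__main__":
    # Constructed sample input: format-valid strings, not real hashes.
    htaccess = ('AuthType Basic\nAuthUserFile '
                '"/home/user/.htpasswds/public_html/client-domain/passwd"\n')
    passwd = "alice:$2y$10$" + "x" * 53 + "\nbob:{SHA}" + "A" * 27 + "=\n"
    for finding in audit(htaccess, passwd):
        print(finding)
```

The guide's own AuthUserFile path passes the location check: it contains public_html as a path component but sits under /home/user/.htpasswds, outside the assumed web root, so the password file cannot be requested over HTTP.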

Michał