Using .htaccess to password protect a directory

I came across this issue a few days ago: I was required to create a secure area on a web server where I could upload large files. The directory where these files were uploaded should be password protected so that only someone authorised can access it, and, as a further protection, the directory should have its directory listing turned off. Client-side password protection, such as using JavaScript, is not very good because it can be disabled.
Figured this might make someone else’s life easier in the future.

  • Using an FTP client, log in to your server.
  • Create a new directory in your public folder (www, public_html etc.). Remember to give it a name people will not be able to guess, something like “S3cr3tF0ld3r” maybe.
  • Create an empty .htaccess file and upload it to that directory
  • The first and easiest step to carry out is to disable directory listings. Use the following code (also described here):
    # Turn off automatic directory listings for this directory
    Options -Indexes
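  • Now comes the slightly trickier part, password protecting the directory.
    I first add the following lines to the .htaccess file. The Require line is what makes Apache actually demand a login; without it the other three directives only describe the login area. Basic authentication sends the password with every request in an easily decoded form, so serve the directory over HTTPS.

    AuthUserFile /path/to/.htpasswd
    AuthName "My own Login Area"
    AuthType Basic
    Require valid-user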
  • I then add the username and hashed password to the .htpasswd file and place it at the path given in AuthUserFile in the .htaccess above, ideally outside the public folder so the file itself cannot be downloaded.
    The little script below generates the username:password combination

  • You can test this here; the username and password are both ‘test’.
