How do I do BASICAuth using .htaccess and .htpasswd?

This FAQ was last modified on: Tuesday, January 16, 2018 10:28pm

If you would like to protect a subdirectory with a username and password that you supply rather than using the CAS authentication method you have two choices. The first is to use the Password Protected Directories part of the control panel. The other is to use the standard .htaccess method that most web admins are already aware of.

To secure a directory you will need to create a ".htaccess" file in the directory that contains at least these items:


Authtype Basic
AuthName "Put whatever you want here"
AuthUserFile /var/www/vhosts/<hostname>/httpdocs/<path to your passwd file>
Require valid-user


The <hostname> part should be your site's name without the "www." part (i.e. ""). The <path to your passwd file> part should point to your httpdocs or httpsdocs directory in which your password file is kept. For example, if I wanted to secure I would create a .htaccess and .htpasswd file in the /httpdocs/foo directory. The AuthUserFile line would read:

AuthUserFile /var/www/vhosts/

Creating a password file is done by using the "htpasswd" command like this:

htpasswd -c /httpdocs/foo/.htpasswd fred

The "-c" option creates the file for the first time. Don't use it if you are adding another user to an existing file. "fred" is the username you are adding. It will then ask you for a password and then to confirm it. After that you should be able to access the URL and be asked for the username and password.