User Authentication and Apache

In website development, certain files or directories often need access restrictions.  Access can be restricted either through server-side scripting (e.g. ColdFusion, PHP, or ASP) or through the web server itself, such as Apache.

To restrict access in Apache, a file named “.htaccess” can be uploaded into the directory to which you want access restricted.  The .htaccess file is a text file that lets the web server prompt for a username and password, or display a message that you are not authorized to view the contents of the page.

When restricting users by login name and password, the .htaccess file references a file called .htpasswd.  There is a program in the Apache directory called htpasswd.exe that will create a user and password in an encrypted MD5 format.  There are many options for the htpasswd.exe program, including recreating the file, appending to the file, and using different encryption types.  Below is an example of the contents of a .htaccess file.

AuthUserFile c:\security\.htpasswd
AuthName "Please Enter a User and Password"
AuthType Basic
require valid-user

This would be an example of the .htpasswd file.

user1:Nd8VlAyM/Byno
admin:L7L1bBFu6QwEg
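
Because htpasswd can write several encryption types, it helps to check which one each .htpasswd entry actually uses. The audit below is an added example, not part of the original article: the function names and the last two sample entries are constructed for illustration. It classifies each entry by its layout, and run on the two sample entries above it reports the 13-character crypt() layout rather than the $apr1$ MD5 layout.

```python
import re

# Layouts of the password formats htpasswd can write, most specific first.
SCHEMES = [
    ("bcrypt", re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")),
    ("apr1-md5", re.compile(r"^\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}$")),
    ("sha1", re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$")),
    ("crypt-des", re.compile(r"^[./A-Za-z0-9]{13}$")),
]
# Formats the htpasswd documentation itself describes as insecure.
WEAK = {"sha1", "crypt-des", "plaintext-or-unknown"}


def classify(hash_field):
    """Return the name of the first layout the stored value matches."""
    for name, pattern in SCHEMES:
        if pattern.match(hash_field):
            return name
    return "plaintext-or-unknown"


def audit(text):
    """Return (line number, user, scheme, is_weak) for every entry."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are not entries
        user, sep, hash_field = line.partition(":")
        if not sep or not user:
            findings.append((lineno, None, "malformed", True))
            continue
        scheme = classify(hash_field)
        findings.append((lineno, user, scheme, scheme in WEAK))
    return findings


# First two entries are the article's samples; the last two are constructed
# placeholders with the right layout only (they are not real hashes).
SAMPLE = "\n".join([
    "user1:Nd8VlAyM/Byno",
    "admin:L7L1bBFu6QwEg",
    "carol:$apr1$Xk3p9QzL$" + "0123456789abcdefghijkl",
    "dave:$2y$05$" + "a" * 53,
])

if __name__ == "__main__":
    for lineno, user, scheme, weak in audit(SAMPLE):
        print(lineno, user, scheme, "WEAK" if weak else "ok")
```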