{"id":6981,"date":"2024-09-13T09:00:43","date_gmt":"2024-09-13T09:00:43","guid":{"rendered":"https:\/\/www.smarthost.au\/blog\/?p=6981"},"modified":"2024-09-13T09:00:43","modified_gmt":"2024-09-13T09:00:43","slug":"how-to-restrict-access-to-a-file-folder-with-authentication","status":"publish","type":"post","link":"https:\/\/www.smarthost.au\/blog\/how-to-restrict-access-to-a-file-folder-with-authentication","title":{"rendered":"How to Restrict Access to a File\/Folder with Authentication"},"content":{"rendered":"\n

Sometimes, to prevent unauthorized access to a folder or file, it is necessary to add an authorization lock where access to the resource will only be granted after entering the correct username and password.<\/p>\n\n\n\n

Securing Access to a Folder<\/h2>\n\n\n\n

Access to a folder using authorization credentials can be set up in two ways:<\/p>\n\n\n\n

1) Setting up a folder access lock via cPanel<\/h3>\n\n\n\n

To set up protection via cPanel, go to cPanel -> Directory Privacy.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

After navigating, all the folders located in the home directory of the account will be displayed. To block access to a website folder, first go to public_html by clicking on the folder name (see the image below), and then click Edit<\/strong> next to the selected domain folder (for the purposes of this guide, we will add a lock to the folder of the client-domai<\/strong>n).<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n

After clicking Edit<\/strong>, check the box “Password protect this directory” and click Save<\/strong>.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

After saving and returning to this page, you will be able to enter a username and password. After entering the credentials, click Save<\/strong>.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

The folder lock has been set up. Now, when you access the site, a login window will appear:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

NOTE<\/strong><\/p>\n\n\n\n

If, after accessing the site, a 404 error appears instead of the login window, add the following line to the .htaccess file:<\/p>\n\n\n\n

ErrorDocument 401 default<\/code><\/p>\n\n\n\n

After adding this line, the login page should display correctly.<\/p>\n\n\n\n

<\/p>\n\n\n\n

2) Setting up a folder access lock via .htaccess<\/h3>\n\n\n\n

An alternative way to set up this protection is to add rules to the .htaccess file and create a password file. To do this:<\/p>\n\n\n\n

    \n
  1. Navigate to the application folder and edit the .htaccess file.<\/li>\n\n\n\n
  2. Add the following lines to the .htaccess file:
    AuthType Basic
    AuthName \"Protected 'This is a folder lock'\"
    AuthUserFile \"\/home\/user\/.htpasswds\/public_html\/client-domain\/passwd\"
    Require valid-user<\/code>

    In AuthUserFile<\/strong>, specify the path to the password file (passwd), which will be created in the following steps.<\/li>\n\n\n\n
  3. After adding the record to .htaccess, create a passwd file with the login and hashed password in the path defined in the previous step (AuthUserFile). In the file, it should look like this:
    login:passwordHash<\/code>
    The hash can be generated e.g. via https:\/\/onlinephp.io\/password-hash<\/a><\/li>\n<\/ol>\n\n\n\n

    After adding the above entries, when accessing the locked directory, a login page should appear where you need to enter the previously defined username and password.<\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    NOTE<\/strong><\/p>\n\n\n\n

    If, after accessing the site, a 404 error appears instead of the login window, add the following line to the .htaccess file:<\/p>\n\n\n\n

    ErrorDocument 401 default<\/p>\n\n\n\n

    After adding this line, the login page should display correctly.<\/p>\n\n\n\n

    Securing Access to a File<\/h2>\n\n\n\n

    To secure access to a file only after authorization, you need to add rules to the .htaccess file and create a password file. To do this:<\/p>\n\n\n\n

      \n
    1. Navigate to the application folder and edit the .htaccess file.<\/li>\n\n\n\n
    2. Add the following lines to the .htaccess file:
      <Files file_to_block.php>
      AuthType Basic
      AuthName \"My file access lock\"
      AuthUserFile \/home\/user\/.htpasswds\/public_html\/client-domain\/.htpasswd
      Require valid-user
      <\/Files><\/code>

      Replace file_to_block.php<\/strong> with the name of the file you want to protect. In AuthUserFile<\/strong>, specify the path to the password file (passwd), which will be created in the following steps.<\/li>\n\n\n\n
    3. After adding the record to .htaccess, create a passwd file with the login and hashed password in the path defined in the previous step (AuthUserFile).<\/li>\n<\/ol>\n\n\n\n

      After adding the above entries, when accessing the locked directory, a login page should appear where you need to enter the previously defined username and password.<\/p>\n\n\n\n

      \"\"<\/figure>\n\n\n\n

      NOTE<\/strong><\/p>\n\n\n\n

      If, after accessing the site, a 404 error appears instead of the login window, add the following line to the .htaccess file:<\/p>\n\n\n\n

      ErrorDocument 401 default<\/code><\/p>\n\n\n\n

      After adding this line, the login page should display correctly.<\/p>\n","protected":false},"excerpt":{"rendered":"

      Sometimes, to prevent unauthorized access to a folder or file, it is necessary to add an authorization lock where access to the resource will only be granted after entering the correct username and password. SecuringContinue reading<\/a><\/p>\n","protected":false},"author":26,"featured_media":7032,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[265,8],"tags":[1244,1241,1242,1248,1245,1247,1246],"class_list":["post-6981","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hosting-hr","category-security","tag-access-after-authorization","tag-access-lock","tag-directory-privacy","tag-file-protection","tag-htpasswd","tag-privacy-protection","tag-protection"],"_links":{"self":[{"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/posts\/6981","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/users\/26"}],"replies":[{"embeddable":true,"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/comments?post=6981"}],"version-history":[{"count":1,"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/posts\/6981\/revisions"}],"predecessor-version":[{"id":6987,"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/posts\/6981\/revisions\/6987"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/media\/7032"}],"wp:attachment":[{"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/media?parent=6981"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/categories?post=6981"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/tags?post=6981"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}