Mark Stephens Mark has been working with Java and PDF since 1999 and is a big NetBeans fan. He enjoys speaking at conferences. He has an MA in Medieval History and a passion for reading.

Using Apache htaccess to password protect documents

2 min read

Introduction

Most web sites are run on servers which use the Apache software. This offers some very useful features for websites. For example, it allows you to password protect access to files in any directory – if the user does not know the password they cannot view the pages! It is very easy to add to your website with just 2 files (note both the files start with a dot).

.htaccess

Before letting any user access a file, Apache checks to see if this file exists in the directory with the file you are trying to access. If it exists, then it will use the values in the file. Here is a simple example from our website.

order allow,deny

allow from all

require valid-user

Authname "Password access required."

Authtype Basic

AuthUserFile /var/www/vhosts/idrsolutions.com/files/Cust/.htpasswd

This example does TWO things. Firstly it defines the access rules for this location. All files in the directory where the file is found can only be accessed with a login and password. Secondly, it defines that this will be found in a file /var/www/vhosts/idrsolutions.com/files/Cust/.htpasswd – this does not have to be the same directory but often is to simplify administration.

In order to use this feature, you need to know how the real paths on the server relate to your website. On our system, Apache maps our website http://www.idrsolutions.com to /var/www/vhosts/idrsolutions.com/ so anything in http://www.idrsolutions.com/files/Cust will be protected. (Note that this is often a Unix server so assume all values are case sensitive). You will need to ask whoever maintains your website for this information (although it is often /var/www/vhosts/mySite/).

.htpasswd

This file contains the login and passwords. It consists of a set of lines with

loginName: password (encrypted).

So when I added the user mark with the password test to my file, I added a line

mark:$6$7X9OefNE$3JxPhSS6gDWew1QZAJqS2JlUNt2Ly/r7uIMKpRkc1dsgRpaEEeYsiTYKDuk6.c9XjIFEZxXdgGTtQNhur2KyW/

A tip for when you add a user is to keep the entries in alphabetical order. This makes it much easier to manage.

When I try to access anything in this directory, a password box will popup and I will need to type in the username mark and the password test. If I do not, I will be told I cannot access the page.

The encrypted password is easily generated by a small php script on your website. I have this small file htpass.php on my website to generate the passwords for me.

usr = '';

if (isset($_POST['password']))
if($_POST['password']!= "" AND $_POST['user']!= "" ) {
    $usr = $_POST['user'];
    $pass = $_POST['password'];
    $ht_pass = crypt($pass);
}
print "Password Encryption
.htpasswd File Password EncryptionEnter Username

Enter Password


“;
if (isset($_POST[‘password’]))
if($_POST[‘password’] != “” AND $_POST[‘user’] != “” ) {
print ”

.htpasswd File Code
$usr:$ht_pass”;
}
print ”

";
?>

This looks like this when I open the link in my web browser.

apache password

 

Note that every time you rerun it, you will get a different (and still valid key to use).

Once you add this file to .htpasswd, the user will be able to access content in the directory (until you remove the line from the .htpasswd file).

Next steps

So there you have a very simple and easy way to control access to your website content based on password. If you would like to explore additional options or find out more details, I recommend the Apache website tutorial.

This article is part of a series of articles with suggestions for enhancing your HTML5 content. You can also read about Adding Annotations with Annotator.js, Adding Fullscreen using the JavaScript FullScreen API and Optimising Images using PNGQuant.



Our software libraries allow you to

Convert PDF files to HTML
Use PDF Forms in a web browser
Convert PDF Documents to an image
Work with PDF Documents in Java
Read and write HEIC and other Image formats in Java
Mark Stephens Mark has been working with Java and PDF since 1999 and is a big NetBeans fan. He enjoys speaking at conferences. He has an MA in Medieval History and a passion for reading.

Creating a WordPress Plugin Part 3: Adding Shortcodes

Recently, I’ve been working on a proof of concept project which integrates our JPDF2HTML5 web service with the popular blogging platform WordPress. This series of...
Simon Lissack
1 min read