First we must create was is known as the .htaccess authentication file. This file is the key to providing who has access to the files in the directory and what types of operations they are allowed to perform within the directory. This tutorial will restrict who is able to view (GET) files from the directory and upload (POST) files into the directory. For more elaborate security measures, check out Apache's web site. Open your favorite editor (Windows®, Notepad works well) or telnet into your web server and use a Unix editor like vi. Using the text below as a guideline, create a text file where /var/www/html/private/ is the absolute path of the directory where you would like to store your authentication usernames/passwords and My Private Directory is the name you would like for the authentication window. AuthUserFile /var/www/html/private/.htpasswd
AuthName "My Private Directory"
AuthType Basic <Limit GET POST>
</Limit> Note: the absolute path to the .htpasswd file is very important. If unsure about this path, ask your hosting provider or telnet into the server and from the directory you want to keep your usernames/passwords, type pwd at the shell prompt. Note: the .htaccess file also protects subdirectories of the directory in which it is placed. [*]Save this file as .htaccess.
[*]The .htaccess file needs to be placed inside the directory you would like protected. If the file was created on your local workstation, ftp the file into the directory you want protected. If a Unix editor like vi was used, use the mv command to move the file to the required directory.