• Report an IT Security Incident
  • Request Help
  • Help & Support
    • Working/Learning Remotely
    • Request Help
    • Live Chat
    • Track a Ticket
    • Knowledge Base
    • Getting Started
    • Contact Us
    • ITS Alerts Sign Up
  • Service Catalog
    • Accounts & Access
    • Communications & Collaboration
    • Computers & Software
    • Data, Reporting & Analytics
    • Network & Internet Services
    • Pilot Services
    • Professional Services
    • Research Computing
    • Teaching & Learning
    • University Applications
    • Web, Servers & Hosting
  • About ITS
    • Our Team
    • Strategic Plan
    • Annual Reports
    • Awards
    • Student Employment
  • Working with ITS
    • Architectural Standards Review Board
    • Projects & Project Management
    • Technology Investment Request Lifecycle
    • Governance Committees
    • Business Intelligence
    • Enterprise Data Integration Services (EDIS)
    • GMU-TV
    • IT Security Office
  • Alerts & Bulletins
    • Unplanned Outages
    • Phishing Alerts
    • Maintenance
    • Bulletins
    • Spotlights
    • After Action Reports
    • Archives
  • Report an IT Security Incident
  • Request Help
X Hide

Information Technology Services

Skip to content
  • Help & Support
    • Working/Learning Remotely
    • Request Help
    • Live Chat
    • Track a Ticket
    • Knowledge Base
    • Getting Started
    • Contact Us
    • ITS Alerts Sign Up
  • Service Catalog
    • Accounts & Access
    • Communications & Collaboration
    • Computers & Software
    • Data, Reporting & Analytics
    • Network & Internet Services
    • Pilot Services
    • Professional Services
    • Research Computing
    • Teaching & Learning
    • University Applications
    • Web, Servers & Hosting
  • About ITS
    • Our Team
    • Strategic Plan
    • Annual Reports
    • Awards
    • Student Employment
  • Working with ITS
    • Architectural Standards Review Board
    • Projects & Project Management
    • Technology Investment Request Lifecycle
    • Governance Committees
    • Business Intelligence
    • Enterprise Data Integration Services (EDIS)
    • GMU-TV
    • IT Security Office
  • Alerts & Bulletins
    • Unplanned Outages
    • Phishing Alerts
    • Maintenance
    • Bulletins
    • Spotlights
    • After Action Reports
    • Archives

Knowledge Base

Home > Help & Support > Knowledge Base > Web, Servers & Data > Web Dev > How to Password Protect a Directory

How to Password Protect a Directory

On www.gmu.edu it is possible to ensure that web visitors must enter a login and password to access a certain directory.

Security Note

While this technique will prevent most web visitors from accessing the contents of your protected directory, this isn’t a particularly secure method. The password is sent in the clear, and in most cases, anyone who has server access to the Mason Cluster could download your files through SFTP.

Do not rely on this technique to protect confidential information.

Instructions

Step 1

Connect to the Mason Cluster.

Step 2

Enter the following command:
cd /usr/local/htdocs/your_directory_path

Note: Replace your_directory_path appropriately. (e.g., if your site is located at www.gmu.edu/departments/english, your_directory_path would be departments/english)

Step 3

If you have a directory already created for the page(s) that you want to protect, change into that directory:
cd directory_to_protect

Otherwise, create the directory first:
mkdir directory_to_protect
cd directory_to_protect

Step 4

To create the file that will hold the usernames and passwords enter the following command:
/usr/bin/htpasswd -c .htpasswd username

Note: Replace username with whatever username you’d like and keep in mind that it’s case sensitive.

Step 5

To add more users run the command again, without the -c flag:
/usr/bin/htpasswd .htpasswd username

Step 6

To create the file that ensures the directory is protected enter the following command:
pico .htaccess

Step 7

You are now in a text editor. Copy and paste the following code:
AuthUserFile /usr/local/htdocs/your_directory_path/directory_to_protect/.htpasswd
AuthName "Password Protected Directory"
AuthType Basic

<Limit GET>
require user username
<Limit>

Replace with your own values where appropriate. To add multiple users add more lines to the Limit block:

<Limit GET>
require user username1
require user username2
<Limit>

Step 8

Save the file (Ctrl+O) and exit (Ctrl+X).

Step 9

Set permissions on your .htaccess and .htpasswd files to 644.

Step 10

Test by trying to access the directory through a web browser. If it is properly set up, you should get a login prompt, and be able to log in with one of the usernames you created.

Last modified: June 10, 2021

Previous

How to Fix Server Upload Permissions

Next

How to Set Up an Email Form

Related articles

  • What is the mason.gmu.edu server?
  • How to Upload Files with CyberDuck (for Mac)
  • What is the www.gmu.edu server?
  • Web Development
  • Mason Servers Overview

Get Started at Mason

Whether you are a student, faculty, staff member, or a guest visiting the Mason campus, we have resources to help get you started.

Read More

Quick Links

Patriot Pass Password Reset
Submit a Ticket
Track a Ticket
PuTTY
Cisco AnyConnect VPN

Read More

Explore IT Services

A B C D E F G
H I J K L M N
O P Q R S T U
V W X Y Z #

© 2022 George Mason University
4400 University Drive
Fairfax, Virginia 22030

Latest tweet

George Mason ITS Follow

The official Twitter page for George Mason University's Information Technology Services

GeorgeMasonITS
George Mason ITS @georgemasonits ·
23 Jan

After October 14, 2025, Microsoft will no longer provide security updates or support for Windows 10 systems. As a result, all Windows 10 systems must be upgraded to Windows 11 or removed from the Mason network. Learn more ⬇️

https://its.gmu.edu/bulletins/microsoft-windows-11-announcement/

Reply on Twitter 1617560494176620547 Retweet on Twitter 1617560494176620547 Like on Twitter 1617560494176620547 Twitter 1617560494176620547
View All
ITS Support Center
703-993-8870
support@gmu.edu
live chat
Monday – Thursday, 8 a.m. – 9 p.m.
Friday, 8 a.m. – 5 p.m.
Saturday, Closed
Sunday, 1 p.m. – 9 p.m.
(closed Thursday 3 p.m. – 4 p.m. for a team meeting) Modified Winter Hours Monday –Thursday,
8 a.m. – 7 p.m. Friday, 8 a.m. – 5 p.m. Saturday & Sunday,
Closed Normal business hours will resume on Sunday, January 22 at 1:00 p.m.
  • Webmaster