This guide explains how to protect part of a site on a Web Hosting by making it mandatory to enter a password before viewing a directory (including subdirectories) from a browser.

Simple method

Password-protect (Digest authentication) a directory using the "Folder Protection" tool:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the product in question.
3. Click on Security in the left sidebar.
4. Click on Folder Protection in the left sidebar.
5. Click on the directory to protect.
6. Enable protection with the toggle switch and then create one or more users*:
   
   • * Users are defined per directory; the tool does not allow managing user groups:
     
7. Click on the Add button.
8. Click on the button to add access for an additional user if necessary.
9. Click on the action menu ⋮ located to the right of the user in question to modify or remove them.
10. Click the toggle switch again to completely disable the folder protection:
    

Manual method via .htaccess

To protect a folder with a password using your site's .htaccess file:

1. Log in to your hosting via an FTP software/client or the FTP Manager.

2. In the folder to protect, create a file called password.php and adapt the following content inside by replacing 12345 with the desired password:

   <?php
   $pass = "12345";
   echo password_hash($pass, PASSWORD_DEFAULT);  // Affiche le mot de passe chiffré
   ?>

3. Open a web browser and display the file password.php (example: domain.xyz/dossier-à-protéger/password.php).
4. The web browser displays your encrypted password; copy the encrypted password, it will be needed later…

In the folder to protect, create a file called .htaccess and adapt the following content inside:

AuthName "Page d'administration protégée"
AuthType Basic
AuthUserFile "/exemple/.htpasswd"
Require valid-user

Replace /exemple/ with the absolute path of the folder to protect. Example:

AuthUserFile "/home/clients/0f83c7afb710e5ae2645a1b704d8772f/web/dossier_a_proteger/.htpasswd"

In the folder to protect, create a file called htpasswd.txt and adapt the following content inside:

login:password_chiffré

• Replace login with the desired login.
• Replace password_chiffré with the encrypted password copied in step 1 of this guide.

Once the file htpasswd.txt is saved, rename it as follows: .htpasswd.

Open a web browser and try to display one of the pages contained in the protected folder. If the guide has been followed correctly, the chosen login and password (unencrypted) allow access to the protected folder.

Other restrictions can also be added by .htaccess.