Secure Web Access by Password

This guide explains how to protect part of a site on a site. Web hosting by making it mandatory to enter a password before viewing a directory (including subdirectories) from a browser.

 

Simple method

Protect by password (authentication) Digest) a directory using the tool "Folder Protection":

1. Click here in order to access the management of your product on the Manager Infomaniak (Need help?).
2. Click directly on the name assigned to the product concerned.
3. Click Security in the left side menu.
4. Click Folder Protection in the left side menu.
5. Click on the directory to protect.
6. Activate protection by the toggle switch and then create one or more users*:
   
   • * Users are defined by directory; the tool does not manage user groups:
     
7. Click the Add button.
8. Click on the button to Add additional user access if necessary.
9. Click on the action menu to the right of the user to modify or remove it.
10. Click the toggle switch button again to completely disable directory protection:
    

Manual method via .htaccess

To protect a folder by a password using the file .htaccess on your site:

1. Connect to your hosting via FTP software/client or the FTP Manager.

2. In the folder to protect, create a file called password.php and adapt the following content inside by replacing 12345 by the desired password:

   <?php
   $pass = "12345";
   echo password_hash($pass, PASSWORD_DEFAULT);  // Affiche le mot de passe chiffré
   ?>

3. Open a web browser and view the file password.php (example: domain.xyz/dossier-to protect/password.php).
4. The web browser displays your encrypted password; copy the encrypted password, there will be a need for it afterwards...

In the folder to protect, create a file called .htaccess and adapt the following content inside:

AuthName "Page d'administration protégée"
AuthType Basic
AuthUserFile "/exemple/.htpasswd"
Require valid-user

Replace /exemple/ by the absolute path the file to be protected. Example:

AuthUserFile "/home/clients/0f83c7afb710e5ae2645a1b704d8772f/web/dossier_a_proteger/.htpasswd"

In the folder to protect, create a file called htpasswd.txt and adapt the following content inside:

login:password_chiffré

• Replace login by the desired login.
• Replace password_chiffré by the encrypted password copied in step 1 of this guide.

Once the file htpasswd.txt Save it, rename it as follows: .htpasswd.

Open a web browser and try to display one of the pages contained in the protected folder. If the guide has been followed, the login and password (unencrypted) selected allow access to the protected folder.

Other restrictions may also be provided by .htaccess.