There are several ways to password protect a file or an entire directory on the server. One feature of the .htaccess file protection (notice the period in the front) is that it protects entire directory. Two files are needed to protect your site:.htaccess and .htpasswd. Open any text editor (i.e. Notepad) and create a new file named .htaccess. Write the following to your .htaccess file:

Copy the file .htaccess to the directory you wish to protect. To protect all your web pages, put a .htaccess in your top directory. Subdirectories of a directory with a .htaccess file will be under its control unless they have their own .htaccess file.

Edit the path to the .htpasswd file. This should be full pathname of the password file. You can put it outside your www directory to keep it from getting served as a web document, but the server will need read permission on this directory. You don't have to edit password file, APB Admin will write new username and password immediately after new user is registered. In the second line we specify /dev/null to say that the file .htgroup doesn't exist. AuthName in the third line can be anything you want. This text is usually given when a browser prompts for a password.

AuthType in the last line should be set to Basic since we are using Basic HTTP Authentication. In Basic HTTP Authentication, the password is not passed over the network as plain text, it is "uuencoded", but not encrypted. This method of authentication is roughly as safe as telnet security.

You may need to create encryption for your password in admin area as described in admin.html. You can use this form to create encryption: